Category: Annotated Bibliography and Reflection

References List

Anderson, C. L., & Agarwal, R. (2010, September). Practicing Safe Computing: A Multimethod Empirical Examination of Home Computer User Security Behavioral Intentions. MIS Quarterly, 34, 613-643. doi:https://doi.org/10.2307/25750694

Ball, K. S. (2001, December 1). Surveillance Society: Monitoring Everyday Life. Information Technology & People, 14, 406-419. doi:https://doi.org/10.1108/itp.2001.14.4.406.5

Bélanger, F., & Crossler, R. E. (2011, December). Privacy in the Digital Age: A Review of Information Privacy Research in Information Systems. 35, 1017-1041. doi:https://doi.org/10.2307/41409971

Benson, V., Saridakis, G., & Tennakoon, H. (2015, August 3). Information disclosure of social media users: Does control over personal information, user awareness and security notices matter? Information Technology & People, 28(3), 426-441. doi:https://doi.org/10.1108/ITP-10-2014-0232

Boral, L., Disla, M., Patil, S., Williams, J., & Park, J. S. (2007). Countering Insider Threats in Personal Devices. 2007 IEEE Intelligence and Security Informatics. doi:10.1109/ISI.2007.379499

ÇELİK, M., ALKAN, M., & ALKAN, A. O. (2020, December 03-04). Protection of Personal Data Transmitted via Web Service Against Software Developers. 2020 International Conference on Information Security and Cryptology (ISCTURKEY). doi:10.1109/ISCTURKEY51113.2020.9308009

Gressin, S. (2017, September 8). The Equifax Data Breach: What to Do. Attorney, Division of Consumer & Business Education, FTC. Retrieved from https://www.penncommunitybank.com/wp-content/uploads/2019/12/The-Equifax-Data-Breach_-What-to-Do-_-Consumer-Information.pdf

Kirkham, T., Winfield, S., Ravet, S., & Kellomäki, S. (2012). The Personal Data Store Approach to Personal Data Security. IEEE Security & Privacy, 11(3), 12-19. doi:10.1109/MSP.2012.137

(2009, January 15). DATA CLASSIFICATION AND HANDLING PROCEDURES GUIDE. KU Policy Library. Retrieved from https://policy.ku.edu/IT/data-classification-handling-procedures

Markopoulos, A., Arvanitis, G., Psilakis, P., Kyriazakos, S., & Stassinopoulos, G. (2003, September 07-10). Security mechanisms maintaining user profile in a personal area network. 14th IEEE Proceedings on Personal, Indoor and Mobile Radio Communications, 2003. PIMRC 2003. doi:10.1109/PIMRC.2003.1259247

Nakagawa, Y., Matsuda, Y., & Ogi, T. (2013). Framework for handling personal data proposed system of the self-control on buying information. 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013). doi:10.1109/ICITST.2013.6750172

OAIC. (n.d.). The Privacy Act / Rights and responsibilities. Retrieved from OAIC: https://www.oaic.gov.au/privacy/the-privacy-act/rights-and-responsibilities

 

 

Reflection

Based on the analysis of the annotated articles in relation to the topic, most research focuses on the importance of protecting personal information when it is being processed, shared and stored in accordance with regulation and the security framework. Data classification is taken seriously as a way to better implement mechanisms and countermeasures for handling data when it is accessed and interacted with, since it is defined as best practice for information to be accessed in accordance with its level of priority. For good management of personal information between institutions and individuals, the Australian Privacy Act 1988 sets out the rights and responsibilities of each party over personal information in order to protect its privacy, which strongly supports the handling of personal information. The surveillance society described in the literature, in which monitoring technologies have improved and been adopted by organisations, gives a clear view in relation to the topic: monitoring capabilities represent a high risk to individuals, whether in their digital presence or physically, such as through CCTV, GPS etc.

Privacy remains the major concern in the topic: most of the literature continues to treat it as the major issue in online presence, as personal information is subject to exploitation by many entities, including government agencies and businesses as well as cyber-attackers and malicious organisations.

From the overall view of the literature, I would suggest that organizations handling personal information work accurately in compliance with government regulations and guidelines. In addition, organizations should always work in accordance with professional ethics and codes of conduct by putting the public interest first. As handling personal information has become a great challenge with the trend of technology, I urge organizations to always review their security mechanisms in order to enforce them, while individuals need to limit the information they disclose when sharing with others or with institutions.

The literature reviewed helps in constructing a helpful article that will allow readers, both individuals and organizations, to safeguard their interaction with personal information.

Annotated Bibliography

Anderson, C. L., & Agarwal, R. (2010, September). Practicing Safe Computing: A Multimethod Empirical Examination of Home Computer User Security Behavioral Intentions. MIS Quarterly, 34, 613-643. doi:https://doi.org/10.2307/25750694

The authors argue that organisations are reinforcing their technology capabilities to help safeguard the security of their computing assets, but unfortunately employees working from home or in remote environments are not covered by the technical security that company staff provide, such as software updates and the security of their hardware. From the same perspective, Anderson and Agarwal (2010) go on to argue that, with a billion people accessing the internet, employees working remotely represent a significant security risk to the organization they connect to. On the other hand, the authors show that other individuals, so-called cybercitizens, are motivated to take precautions and controls to secure their internet-connected computers. Providing training and the necessary tools to remote employees connected to the organization will increase the security and privacy of the organization's data and even the safety of users' personal information over the internet.

 

Ball, K. S. (2001, December 1). Surveillance Society: Monitoring Everyday Life. Information Technology & People, 14, 406-419. doi:https://doi.org/10.1108/itp.2001.14.4.406.5

Ball (2001) demonstrates the importance of conducting more research into information privacy in areas where the security of personal information is concerned. In addition, the author describes Lyon’s main argument in The Electronic Eye, which defines the information society as a surveillance society because of its capability to collect and process personal information for the management of the data collected.

The author explains the two faces of surveillance, care and control, and argues that some will deny that surveillance technology is deployed to monitor risks such as theft and fraud, while others deny the capability of surveillance technologies to manage large amounts of categorised information about individuals. The author explains that the technology can be used to identify and target people in many different forms.

The author compares surveillance systems of 20 years ago with how they are used today: in earlier days surveillance was normally used by secret entities, but with today's technology trends it is linked to managing activities between citizens, organizations and the government, as a tool for accountability. The author goes on to discuss how surveillance technologies can be politicised and theorised, as well as examined for what the future may look like.

Ball (2001) observes in the literature the lack of consistency and of action taken against widespread monitoring practices.

In line with the topic “Security issues in personal information handling”, the author's observations indicate that monitoring technologies and capabilities represent a high risk to personal information privacy and interfere with the security of personal information handled by organisations, given that they are interconnected with government agencies, organisations and individuals in the form of a digital presence characterized by identifying properties such as ID number, date of birth, driver's licence, address etc.

 

Bélanger, F., & Crossler, R. E. (2011, December). Privacy in the Digital Age: A Review of Information Privacy Research in Information Systems. 35, 1017-1041. doi:https://doi.org/10.2307/41409971

This article focuses on the major concerns about privacy, which the authors state as four major concerns: privacy, accuracy, accessibility and property. The literature identifies privacy in particular as the main concern, one that has existed for years and remains the main concern to date. The findings explain different levels of privacy concern and explore their impact on different dependent variables, including the willingness to disclose or provide information to an entity or to deliberately transact the information. In addition, the findings demonstrate how privacy concerns represent a perception of what happens to the information that an individual provides to an organisation. Bélanger and Crossler (2011) therefore review privacy practices by exploring organisational and individual actions to protect privacy when transacting information, whether by disclosing information or by sharing it between institutions or individuals. Finally, the literature concludes by connecting information privacy concerns, privacy attitudes, practices, tools and their consequences. This article is therefore useful for the analysis of security issues in personal information handling; its limitation is that it requires more focus on national and government perspectives on handling privacy issues.

 

Benson, V., Saridakis, G., & Tennakoon, H. (2015, August 3). Information disclosure of social media users: Does control over personal information, user awareness and security notices matter? Information Technology & People, 28(3), 426-441. doi:https://doi.org/10.1108/ITP-10-2014-0232

The main purpose of this literature is to investigate the connection between the disclosure of personal information and the control exercised over that information, along with user awareness and security, from a social media perspective. In this article, the authors review and analyse data from different social media users. The authors conclude in their findings that control over personal information in social networks is negatively associated with the disclosure of information. However, Benson et al. argue for and show the strong, positive impact of security notifications and user awareness when information is being disclosed or shared. Finally, the authors analyse information disclosure and discuss the implications for actors in social interaction.

 

Boral, L., Disla, M., Patil, S., Williams, J., & Park, J. S. (2007). Countering Insider Threats in Personal Devices. 2007 IEEE Intelligence and Security Informatics. doi:10.1109/ISI.2007.379499

This article focuses on the insider threat and the countermeasures to mitigate the risk it can pose to the organization. The paper defines personal devices as machines that are directly attached to the organization but that can also expose a threat to be exploited inside the company. The authors propose four diamond methods to increase the security of personal devices within the organisation: software design, detection technology design, policy design and information retrieval design. In their view these methods will defend against insider threats. Finally, the authors conclude that combining these methods and applying them accordingly will provide the best security for personal devices in the company. The theory is, however, limited to technical security, lacking mechanisms for user awareness and for security in the disclosure of information.

 

ÇELİK, M., ALKAN, M., & ALKAN, A. O. (2020, December 03-04). Protection of Personal Data Transmitted via Web Service Against Software Developers. 2020 International Conference on Information Security and Cryptology (ISCTURKEY). doi:10.1109/ISCTURKEY51113.2020.9308009

In this article the authors (ÇELİK, ALKAN, & ALKAN, 2020) describe the importance of protecting personal information when it is being shared between institutions through web services. They go on to demonstrate how the protection of personal information is comprehensively regulated at national and international level, and argue that protecting personal information shared between organizations is a legal obligation.

This theory focuses on security measures for protecting personal information by designing an application interface that facilitates the flow of this security mechanism, in order to protect personal information that is shared between organizations and transmitted via web services against software developers. The research analyses the characteristics that identify an individual at different levels, such as:

  • Explicit Identifiers: data attributes that clearly identify an individual, e.g. first name, last name, address, driver’s license
  • Sensitive Qualified: sensitive characteristics of a person that should not be disclosed, such as medical information
  • Semi-Descriptors: information that cannot clearly identify a person.

The authors strongly argue that in most cases violations of the protection of data transmitted via web services are caused by the human factor, and propose that measures against the human factor should be taken seriously, as it is an important issue in protecting personal information.

The literature defines different methods for protecting personal information when it is transmitted through web services, such as encryption mechanisms, anonymization for data privacy and masking techniques for confidential information.

This literature is limited in that it does not provide any improvement to how web services should work or propose any modification to web services; however, it provides an important security solution for protecting personal information when it is handled and shared among institutions.
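The attribute classes and protection methods summarised above, applied to one record before it reaches a developer-facing environment. This is an added example, not code from Çelik et al. or from this review; the field names, the treatment chosen for each class, and the sample record and key are assumptions, and encryption is not shown.

```python
import hashlib
import hmac
from enum import Enum


class FieldClass(Enum):
    EXPLICIT = "explicit identifier"   # clearly identifies an individual
    SENSITIVE = "sensitive"            # must not be disclosed, e.g. medical data
    SEMI = "semi-descriptor"           # cannot clearly identify a person alone


# Assumed classification of one payload; the field names are hypothetical.
POLICY = {
    "first_name": FieldClass.EXPLICIT,
    "last_name": FieldClass.EXPLICIT,
    "drivers_license": FieldClass.EXPLICIT,
    "diagnosis": FieldClass.SENSITIVE,
    "birth_date": FieldClass.SEMI,
    "postcode": FieldClass.SEMI,
}
# Explicit identifiers that staff must still recognise by their last characters.
PARTIALLY_MASKED = {"drivers_license"}
# Coarsening rules for semi-descriptors; a field without a rule is withheld.
GENERALIZE = {
    "birth_date": lambda v: v[:4],                      # ISO date -> year only
    "postcode": lambda v: v[:2] + "*" * (len(v) - 2),   # keep the region prefix
}


def pseudonym(value: str, key: bytes) -> str:
    """Keyed one-way token: stable for joins, not recomputable without the key."""
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return digest[:16]


def mask(value: str, keep: int = 2) -> str:
    """Hide everything except the last `keep` characters."""
    if len(value) <= keep:
        return "*" * len(value)
    return "*" * (len(value) - keep) + value[-keep:]


def developer_view(record: dict, key: bytes):
    """Return (protected copy, names of withheld fields) for non-production use."""
    view, withheld = {}, []
    for field, value in record.items():
        cls = POLICY.get(field)
        if cls is FieldClass.EXPLICIT and field in PARTIALLY_MASKED:
            view[field] = mask(value)
        elif cls is FieldClass.EXPLICIT:
            view[field] = pseudonym(value, key)
        elif cls is FieldClass.SENSITIVE:
            view[field] = "[masked]"        # fixed text, so length is not leaked
        elif cls is FieldClass.SEMI and field in GENERALIZE:
            view[field] = GENERALIZE[field](value)
        else:
            withheld.append(field)          # unclassified data fails closed
    return view, withheld


# Constructed sample input and key, not data from the paper.
DEMO_KEY = b"constructed-demo-key"
SAMPLE_RECORD = {
    "first_name": "Ayse", "last_name": "Yilmaz",
    "drivers_license": "D1234567", "diagnosis": "asthma",
    "birth_date": "1990-04-17", "postcode": "06510",
    "internal_note": "call back",           # not in POLICY, so it is withheld
}

if __name__ == "__main__":
    protected, dropped = developer_view(SAMPLE_RECORD, DEMO_KEY)
    print(protected, dropped)
```

The pseudonym key has to stay outside the environment that receives the protected copy, otherwise low-entropy values such as first names can be recomputed and matched.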

 

Gressin, S. (2017, September 8). The Equifax Data Breach: What to Do. Attorney, Division of Consumer & Business Education, FTC. Retrieved from https://www.penncommunitybank.com/wp-content/uploads/2019/12/The-Equifax-Data-Breach_-What-to-Do-_-Consumer-Information.pdf

The literature demonstrates how the sensitive information of Equifax consumers was exposed in the data breach, in which around 143 million users were affected. The author describes how the hacker accessed people’s names, social security numbers, dates of birth and driver’s licenses, as well as the credit card numbers that were stolen.

Finally, the author lists the steps to take in order to protect your personal information at credit agencies. This literature contributes to the topic by demonstrating how sensitive information can be exposed, and helps in considering the application of the best mechanisms to protect personal information.

 

Kirkham, T., Winfield, S., Ravet, S., & Kellomäki, S. (2012). The Personal Data Store Approach to Personal Data Security. IEEE Security & Privacy, 11(3), 12-19. doi:10.1109/MSP.2012.137

The authors' research focuses on personal data stores as a solution to online privacy. The paper discusses the way a person can choose to share some specific personal information while restricting access by other parties. The article goes on to state that many threats target an individual's online presence while others focus on the organization to which individuals are connected; these threats include phishing, viruses, spyware, scams, cyberbullying and identity theft. The authors describe different angles from which the privacy issue can be addressed: a political aspect, where government explores personal data to enforce security; an economic perspective, where businesses are allowed to work with individuals' personal data; a sociological aspect, where individuals' personal data are exploited by malicious actors through social network platforms; and others, such as a technological aspect concerning the storing and transiting of our personal data. The authors' argument is based on the challenges presented by personal data stores, and they strongly support it with the argument that, despite all the challenges, various parties, including developers of personal data stores, believe that online privacy is necessary and possible to implement. In addition, the authors examine the motivation around personal data stores.

 

(2009, January 15). DATA CLASSIFICATION AND HANDLING PROCEDURES GUIDE. KU Policy Library. Retrieved from https://policy.ku.edu/IT/data-classification-handling-procedures

In this policy paper, the procedures and guidelines illustrate the minimum level of protection necessary when interacting with data or performing certain activities. Data classification is provided to help understand which security mechanisms need to be adopted in the organization to protect different types of information, as data classification is needed for the confidentiality and criticality of the information. According to KU (2009), information is classified according to its level of confidentiality in the categories Level 1, Level 2 and Level 3, where we have confidential data, sensitive data and public data. Finally, the paper describes how people can interact with information in accordance with its level in terms of collection of data, accessibility of information, disclosure of information, safeguarding of information in transit, security of storage and physical equipment, and disposal of information. This guide is of great use in protecting personal information within the organization.

 

Markopoulos, A., Arvanitis, G., Psilakis, P., Kyriazakos, S., & Stassinopoulos, G. (2003, September 07-10). Security mechanisms maintaining user profile in a personal area network. 14th IEEE Proceedings on Personal, Indoor and Mobile Radio Communications, 2003. PIMRC 2003. doi:10.1109/PIMRC.2003.1259247

The main idea expressed in this conference paper is the maintenance of profiles in a personal area network by using security capabilities such as availability, authentication, authorization and confidentiality. The paper proposes a platform that can be implemented to help the ad-hoc information. The authors start by illustrating and describing the two major structural components of the application security and profiling system: security through certificates, which normally applies its security in the transport and authentication layer over the network, and security through profiles and roles, which directly provides security in the application layer. These two components provide a high level of security for communication transmitted over the network. This paper has useful information for the selected topic regarding how an organization structures the security of the personal information it handles: by combining certificates and SSL in the transport layer with both SOAP and XML for profile data exchange, the organization can easily maintain and secure the user profile in a personal area network.

 

Nakagawa, Y., Matsuda, Y., & Ogi, T. (2013). Framework for handling personal data proposed system of the self-control on buying information. 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013). doi:10.1109/ICITST.2013.6750172

The aim of this article is to design a framework that will enable users to control their data. In particular, it focuses on buying information and how users should handle it using the proposed method of self-control over their own information. The authors argue that it takes a long time to construct a social system; however, individuals now have difficulty accessing their data, which brings them no benefit even though it is their own generated record. Furthermore, the authors identify the problem of people having no access to control their own data and provide a solution by proposing a framework for handling personal data which focuses on buying information. In conclusion, the paper finishes by successfully designing a system that allows users to select a company which can use their data under their control, and to choose the data that can be used. Such a framework has significant importance to the topic, as applying this mechanism helps users with the security of their information and keeps companies from using data inappropriately for marketing purposes.

 

OAIC. (n.d.). The Privacy Act / Rights and responsibilities. Retrieved from OAIC: https://www.oaic.gov.au/privacy/the-privacy-act/rights-and-responsibilities

In this Privacy Act material, the Australian government and the OAIC (n.d.) focus on the rights and responsibilities between organizations and individuals, and explain them by defining the responsibilities of each party. The government states who has rights and who has responsibilities under the Privacy Act, stipulating that individuals have the right to know why personal information is being collected, how it will be used and to whom the information will be disclosed. In addition, individuals have the right to use a pseudonym in some circumstances. In particular, the government holds that organizations have the responsibility to securely protect the privacy of collected information. The limitation on which my argument will be based is the fact that every individual has the right to use a pseudonym with no limitation and no mechanism provided to handle any malicious activity that can come from the person being identified as another, which raises a major concern in personal information handling. The importance of this Act to the topic is that it helps in understanding the government perspective on personal information handling.

Abstract / Security Issues in Personal Information Handling

Abstract

Personal information handling has become a major concern in the digital world due to the amount of personal information being transmitted and shared between organisations and individuals, and the personal data being collected through online platforms day by day. In this paper, the research about personal information handling is not limited to organizations and government agencies but also covers the importance of securing our personal data individually. This research will bring great convenience for both individuals and organisations and raise the efficiency of the way personal data is managed, because it requires an extensive and clear understanding of its implications for cyber-crime. Security mechanisms and techniques to handle sensitive information are proposed in this paper. The assessment of responsibilities among individuals and organisations is also provided, along with a demonstration of how personal information is classified according to its level of disclosure. Furthermore, we assess the specific privacy concerns in relation to personal information. Through this, both individuals and organisations can securely manage information concerns and data associated with individuals.
