Gaps between Policy and Practice in the Protection of Data Privacy

By Cockcroft, Sophie | JITTA : Journal of Information Technology Theory and Application, January 1, 2002 | Go to article overview

Gaps between Policy and Practice in the Protection of Data Privacy


Cockcroft, Sophie, JITTA : Journal of Information Technology Theory and Application


ABSTRACT

A common casualty of poor information security is the privacy of the individual. Much has been written about formulating privacy policies, and there has been some work in identifying privacy abuses. This paper brings the two areas together by reviewing some of the key aspects of privacy policy. It presents a taxonomy of privacy abuses distilled from publicly available online reports issued during 2001. The gaps between policy and practice are identified and some solutions put forward to fill those gaps.

INTRODUCTION

Poor information security can have a severe impact on an organisation. The major risk in consumer to business e-commerce is that security concerns will result in a lack of consumer confidence resulting in a loss of business. Information security is defined by Parker (2001) as: "The preservation of confidentiality and possession, integrity and validity, and availability and utility of information".

With reference to the definition above, privacy is incorporated in the first two items; confidentiality and possession. A recent report suggested that only one in three businesses implement formal privacy policies (Computer Economics 2001). Even when policies are in place they are often not rigorously applied until a significant security breach forces management to focus on them (Fonseca 2000; Milberg, Smith et al. 2000).

This study is confined to privacy abuses relating to computerised data assets of an organisation or an individual, and any channels through which this data is transmitted.

Before any meaningful discussion of privacy abuses and their remedies can occur, it is necessary to acknowledge the complex backdrop against which such a discussion takes place. There are three dimensions to the space in which privacy policy and safeguards are developed; first, a plethora of regulatory approaches to assuring privacy exist worldwide. These approaches stem at least in part from the culture of the country in which they are developed. Second, new technologies are changing the landscape of privacy, but also the way organisations function, and third, organizational issues, including the structure of the organisation itself and the policies that evolve within it. This conceptual space is illustrated in Figure 1.

The paper is organised into four sections. First a review of the current research into the regulatory, technological and organisational policy aspects of privacy is given. The purpose of this review is to develop an understanding of how privacy policy evolves within an organisation. In the second section a content analysis of a cross section of news stories is carried out. From this, a taxonomy of privacy abuses is distilled, these are compared to the results of existing studies. Third, using the taxonomy and guidelines for managing information security from section 1, gaps or representational deficiencies are identified which suggest where the weaknesses in current thinking on information privacy exist. Each of these abuses is discussed in turn. Finally some technical data management solutions are put forward.

Laws, regulations and ethics

Laws and regulations

Balancing different privacy perspectives within the realm of increasingly connected global e-commerce presents a significant challenge to managers. Whilst privacy as an individual right is a very old concept, the information age has brought confusion about what is ethically right or wrong in the realm of privacy. Many privacy abuses do not break any law - it depends under which jurisdiction they occur. Even at the ethical level, opinions differ about what constitutes an abuse of privacy. Henderson (1999) gave the example of mailbox clutter or spam as something that could be seen as merely inconvenient rather than damaging to an individuals privacy. Eliminating spam was, however identified as one of the top five objectives for assuring privacy in a recent study (Dhillon and Moores 2001). …

The rest of this article is only available to active members of Questia

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Default project is now your active project.
Project items

Items saved from this article

This article has been saved
Highlights (0)
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

Citations (0)
Some of your citations are legacy items.

Any citation created before July 30, 2012 will labeled as a “Cited page.” New citations will be saved as cited passages, pages or articles.

We also added the ability to view new citations from your projects or the book or article where you created them.

Notes (0)
Bookmarks (0)

You have no saved items from this article

Project items include:
  • Saved book/article
  • Highlights
  • Quotes/citations
  • Notes
  • Bookmarks
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Buy instant access to cite pages or passages in MLA, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Cited article

Gaps between Policy and Practice in the Protection of Data Privacy
Settings

Settings

Typeface
Text size Smaller Larger Reset View mode
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Help
Full screen

matching results for page

    Questia reader help

    How to highlight and cite specific passages

    1. Click or tap the first word you want to select.
    2. Click or tap the last word you want to select, and you’ll see everything in between get selected.
    3. You’ll then get a menu of options like creating a highlight or a citation from that passage of text.

    OK, got it!

    Cited passage

    Style
    Citations are available only to our active members.
    Buy instant access to cite pages or passages in MLA, APA and Chicago citation styles.

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

    1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

    Cited passage

    Thanks for trying Questia!

    Please continue trying out our research tools, but please note, full functionality is available only to our active members.

    Your work will be lost once you leave this Web page.

    Buy instant access to save your work.

    Already a member? Log in now.

    Author Advanced search

    Oops!

    An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.