Endre søk
Link to record
Permanent link

Direct link
Publikasjoner (10 av 54) Visa alla publikasjoner
Wairimu, S., Iwaya, L. H., Fritsch, L. & Lindskog, S. (2024). On the Evaluation of Privacy Impact Assessment and Privacy Risk Assessment Methodologies: A Systematic Literature Review. IEEE Access, 12, 19625-19650
Åpne denne publikasjonen i ny fane eller vindu >>On the Evaluation of Privacy Impact Assessment and Privacy Risk Assessment Methodologies: A Systematic Literature Review
2024 (engelsk)Inngår i: IEEE Access, E-ISSN 2169-3536, Vol. 12, s. 19625-19650Artikkel, forskningsoversikt (Fagfellevurdert) Published
Abstract [en]

Assessing privacy risks and incorporating privacy measures from the onset requires a comprehensive understanding of potential impacts on data subjects. Privacy Impact Assessments (PIAs) offer a systematic methodology for such purposes, which are closely related to Data Protection Impact Assessments (DPIAs), particularly outlined in Article 35 of the General Data Protection Regulation (GDPR). The core of a PIA is a Privacy Risk Assessment (PRA). PRAs can be integrated as part of full-fledged PIAs or independently developed to support PIA processes. Although these methodologies have been identified as essential enablers of privacy by design, their effectiveness has been criticized because of the lack of evidence of their rigorous and systematic evaluation. Hence, we conducted a Systematic Literature Review (SLR) to identify published PIA and PRA methodologies and assess how and to what extent they have been scientifically validated or evaluated. We found that these methodologies are rarely evaluated for their performance in practice, and most of them have only been validated in limited studies. Most validation evidence is found with PRA methodologies. Of the evaluated methodologies, PIAs were the most evaluated, where case studies were the predominant evaluation method. These evaluated methodologies can be easily transferred to an industrial setting or used by practitioners, as they provide evidence of their use in practice. In addition, the findings in this study can be used to inform researchers of the current state-of-the-art, and practitioners can understand the benefits and current limitations of the methodologies and adopt evidence-based practices. 

sted, utgiver, år, opplag, sider
IEEE, 2024
Emneord
Privacy impact assessment, data protection impact assessment, general data protection regulation, privacy by design, privacy, review, threat modeling, privacy risks, validity, maturity.
HSV kategori
Forskningsprogram
Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-98433 (URN)10.1109/access.2024.3360864 (DOI)2-s2.0-85184332904 (Scopus ID)
Prosjekter
Digital Health Innovation (DHINO) ProjectDigitalWell Arena Project
Forskningsfinansiär
Region Värmland, RUN/220266Vinnova, 2018-03025
Tilgjengelig fra: 2024-02-09 Laget: 2024-02-09 Sist oppdatert: 2024-02-23bibliografisk kontrollert
Nordin, A., Ängeby, K. & Fritsch, L. (2022). Body-Area Sensing in Maternity Care: Evaluation of Commercial Wristbands for Pre-birth Stress Management. In: Lecture Notes of the Institute for Computer Sciences Social Informatics and Telecommunications Engineering: . Paper presented at 16th European-Alliance-for-Innovation (EAI) International Conference on Body Area Networks (BodyNets), 25 December 2021 through 26 December 2021 (pp. 168-175). Springer, 420
Åpne denne publikasjonen i ny fane eller vindu >>Body-Area Sensing in Maternity Care: Evaluation of Commercial Wristbands for Pre-birth Stress Management
2022 (engelsk)Inngår i: Lecture Notes of the Institute for Computer Sciences Social Informatics and Telecommunications Engineering, Springer, 2022, Vol. 420, s. 168-175Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

Many women use digital tools during pregnancy and birth. There are many existing mobile applications to measure quantity and length of contractions during early labour, but there is a need to offer evidence-based, credible electronic and digital solutions to parents-to-be. This article presents ongoing research work in a research project regarding mobile telemetric supported maternity care. It summarizes an approach for stress management in late maternity and under birth preparation that is based on body area sensing, our investigation of the properties of commercially available wearable wristbands for body sensing, and the insights gained from testing the wristbands from the project's perspective. We found that sensing precision is very variable depending on the wristband model, while the flows of medical personal data exclusively are routed through vendor cloud platforms outside the EU. The impact of our findings for the use of commercial wristbands in European medical research and practice is discussed in the conclusion.

sted, utgiver, år, opplag, sider
Springer, 2022
Emneord
Body area networking, Midwifery, Mobile health, Self-metering, Stress management, Wearables, Digital devices, mHealth, Wearable technology, Cloud platforms, Digital solutions, Digital tools, Evidence-based, Mobile applications, On-body, Property, Obstetrics
HSV kategori
Forskningsprogram
Omvårdnad; Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-89507 (URN)10.1007/978-3-030-95593-9_14 (DOI)000774502300014 ()2-s2.0-85125236499 (Scopus ID)9783030955922 (ISBN)
Konferanse
16th European-Alliance-for-Innovation (EAI) International Conference on Body Area Networks (BodyNets), 25 December 2021 through 26 December 2021
Tilgjengelig fra: 2022-04-13 Laget: 2022-04-13 Sist oppdatert: 2022-09-07bibliografisk kontrollert
Wairimu, S. & Fritsch, L. (2022). Modelling privacy harms of compromised personal medical data - Beyond data breach. In: ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security: . Paper presented at 17th International Conference on Availability, Reliability and Security, ARES 2022. Association for Computing Machinery (ACM), Article ID 133.
Åpne denne publikasjonen i ny fane eller vindu >>Modelling privacy harms of compromised personal medical data - Beyond data breach
2022 (engelsk)Inngår i: ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security, Association for Computing Machinery (ACM), 2022, artikkel-id 133Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

What harms and consequences do patients experience after a medical data breach? This article aims at the improvement of privacy impact analysis for data breaches that involve personal medical data. The article has two major findings. First, scientific literature does not mention consequences and harms to the data subjects when discussing data breaches in the healthcare sector. For conceptualizing actual documented harm, we had to search court rulings and popular press articles instead. We present the findings of our search for empirically founded harms in the first part of the article. Second, we present a modified PRIAM assessment method with the goal of better assessment of harms and consequences of such data breaches for the patient/employee data subject in healthcare. We split the risk assessment into parallel categories of assessment rather than calculating a single risk score. In addition, we quantify the original PRIAM categories into a calculus for risk assessment. The article presents our modified PRIAM which is the result of these modifications. Our overall contribution is the collection of actual harms and consequences of e-health data breaches that complement the overly theoretical discussion in publications. With our operationalization of PRIAM and by providing a catalog of real harms examples, we focus privacy impact assessment on actual harms to persons.

sted, utgiver, år, opplag, sider
Association for Computing Machinery (ACM), 2022
Serie
ACM International Conference Proceeding Series
Emneord
Calculations, Data privacy, Health care, Consequence, Data breach, Data subjects, Harm, Medical data, Patient experiences, Personal health informations, Privacy, Privacy impact, Risks assessments, Risk assessment
HSV kategori
Forskningsprogram
Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-91872 (URN)10.1145/3538969.3544462 (DOI)2-s2.0-85136920878 (Scopus ID)978-1-4503-9670-7 (ISBN)
Konferanse
17th International Conference on Availability, Reliability and Security, ARES 2022
Merknad

Detta paper var publicerat som manuskript med titeln Modelling Privacy Impact of Compromised Personal Medical Data: Beyond Data Breach i Wairimus licentiatuppsats Privacy and Security Analysis: Assessing Risks and Harm to Patients (2022).

Tilgjengelig fra: 2022-09-13 Laget: 2022-09-13 Sist oppdatert: 2022-10-04bibliografisk kontrollert
Hatamian, M., Wairimu, S., Momen, N. & Fritsch, L. (2021). A privacy and security analysis of early-deployed COVID-19 contact tracing Android apps. Empirical Software Engineering, 26(3), Article ID 36.
Åpne denne publikasjonen i ny fane eller vindu >>A privacy and security analysis of early-deployed COVID-19 contact tracing Android apps
2021 (engelsk)Inngår i: Empirical Software Engineering, ISSN 1382-3256, E-ISSN 1573-7616, Vol. 26, nr 3, artikkel-id 36Artikkel i tidsskrift (Fagfellevurdert) Published
Abstract [en]

As this article is being drafted, the SARS-CoV-2/COVID-19 pandemic is causing harm and disruption across the world. Many countries aimed at supporting their contact tracers with the use of digital contact tracing apps in order to manage and control the spread of the virus. Their idea is the automatic registration of meetings between smartphone owners for the quicker processing of infection chains. To date, there are many contact tracing apps that have already been launched and used in 2020. There has been a lot of speculations about the privacy and security aspects of these apps and their potential violation of data protection principles. Therefore, the developers of these apps are constantly criticized because of undermining users’ privacy, neglecting essential privacy and security requirements, and developing apps under time pressure without considering privacy- and security-by-design. In this study, we analyze the privacy and security performance of 28 contact tracing apps available on Android platform from various perspectives, including their code’s privileges, promises made in their privacy policies, and static and dynamic performances. Our methodology is based on the collection of various types of data concerning these 28 apps, namely permission requests, privacy policy texts, run-time resource accesses, and existing security vulnerabilities. Based on the analysis of these data, we quantify and assess the impact of these apps on users’ privacy. We aimed at providing a quick and systematic inspection of the earliest contact tracing apps that have been deployed on multiple continents. Our findings have revealed that the developers of these apps need to take more cautionary steps to ensure code quality and to address security and privacy vulnerabilities. They should more consciously follow legal requirements with respect to apps’ permission declarations, privacy principles, and privacy policy contents.

sted, utgiver, år, opplag, sider
Springer Nature, 2021
Emneord
contact tracing apps, covid19, privacy, security, software quality, android, permissions, personal data, maturity, information privacy, privacy risk
HSV kategori
Forskningsprogram
Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-83509 (URN)10.1007/s10664-020-09934-4 (DOI)000631083100001 ()2-s2.0-85103351291 (Scopus ID)
Prosjekter
Digital Well ResearchAlert
Tilgjengelig fra: 2021-03-22 Laget: 2021-03-22 Sist oppdatert: 2022-09-15bibliografisk kontrollert
Momen, N., Bock, S. & Fritsch, L. (2020). Accept - Maybe - Decline: Introducing Partial Consent for the Permission-based Access Control Model of Android. In: SACMAT '20: Proceedings of the 25th ACM Symposium on Access Control Models and Technologies: . Paper presented at The 25th ACM Symposium on Access Control Models and Technologies, Barcelona, Spain, June 10-12, 2020. (pp. 71-80). ACM Digital Library
Åpne denne publikasjonen i ny fane eller vindu >>Accept - Maybe - Decline: Introducing Partial Consent for the Permission-based Access Control Model of Android
2020 (engelsk)Inngår i: SACMAT '20: Proceedings of the 25th ACM Symposium on Access Control Models and Technologies, ACM Digital Library, 2020, s. 71-80Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

The consent to personal data sharing is an integral part of modern access control models on smart devices. This paper examines the possibility of registering conditional consent which could potentially increase trust in data sharing. We introduce an indecisive state of consenting to policies that will enable consumers to evaluate data services before fully committing to their data sharing policies. We address technical, regulatory, social, individual and economic perspectives for inclusion of partial consent within an access control mechanism. Then, we look into the possibilities to integrate it within the access control model of Android by introducing an additional button in the interface---\emph{Maybe}. This article also presents a design for such implementation and demonstrates feasibility by showcasing a prototype built on Android platform. Our effort is exploratory and aims to shed light on the probable research direction.

sted, utgiver, år, opplag, sider
ACM Digital Library, 2020
Emneord
Partial consent; Access control; Privacy; Data protection
HSV kategori
Forskningsprogram
Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-77501 (URN)10.1145/3381991.3395603 (DOI)2-s2.0-85086822285 (Scopus ID)
Konferanse
The 25th ACM Symposium on Access Control Models and Technologies, Barcelona, Spain, June 10-12, 2020.
Forskningsfinansiär
The Research Council of Norway, 270969
Tilgjengelig fra: 2020-04-19 Laget: 2020-04-19 Sist oppdatert: 2021-03-18bibliografisk kontrollert
Momen, N. & Fritsch, L. (2020). App-generated digital identities extracted through Androidpermission-based data access - a survey of app privacy. In: Reinhardt, D.; Langweg, H.; Witt, B. C; Fischer, M (Ed.), Sicherheit 2020: . Paper presented at INFORMATIK 2020 - Back to the Future (pp. 15-28). Gesellschaft für Informatik
Åpne denne publikasjonen i ny fane eller vindu >>App-generated digital identities extracted through Androidpermission-based data access - a survey of app privacy
2020 (engelsk)Inngår i: Sicherheit 2020 / [ed] Reinhardt, D.; Langweg, H.; Witt, B. C; Fischer, M, Gesellschaft für Informatik, 2020, s. 15-28Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

Smartphone apps that run on Android devices can access many types of personal information. Such information can be used to identify, profile and track the device users when mapped into digital identity attributes. This article presents a model of identifiability through access to personal data protected by the Android access control mechanism called permissions. We present an abstraction of partial identity attributes related to such personal data, and then show how apps accumulate such attributes in a longitudinal study that was carried out over several months. We found that apps' successive access to permissions accumulates such identity attributes, where different apps show different interest in such attributes.

sted, utgiver, år, opplag, sider
Gesellschaft für Informatik, 2020
Emneord
Privacy; Android; Apps; IdentiĄcation; Digital Identity; Survey and Permissions
HSV kategori
Forskningsprogram
Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-77345 (URN)10.18420/sicherheit2020_01 (DOI)978-3-88579-695-4 (ISBN)
Konferanse
INFORMATIK 2020 - Back to the Future
Prosjekter
Ars Forencia
Merknad

Konferensen inställd, men bidrag publicerat

Tilgjengelig fra: 2020-03-24 Laget: 2020-03-24 Sist oppdatert: 2021-03-11bibliografisk kontrollert
Bisztray, T., Gruschka, N., Mavroeidis, V. & Fritsch, L. (2020). Data Protection Impact Assessment in Identity Control Management with a Focus on Biometrics. In: Heiko Roßnagel, Christian Schunck, Sebastian Mödersheim, Detlef Hühnlein (Ed.), Open Identity Summit 2020: . Paper presented at Open Identity Summit 2020 (pp. 185-192). Bonn: Gesellschaft für Informatik e.V., P-305
Åpne denne publikasjonen i ny fane eller vindu >>Data Protection Impact Assessment in Identity Control Management with a Focus on Biometrics
2020 (engelsk)Inngår i: Open Identity Summit 2020 / [ed] Heiko Roßnagel, Christian Schunck, Sebastian Mödersheim, Detlef Hühnlein, Bonn: Gesellschaft für Informatik e.V. , 2020, Vol. P-305, s. 185-192Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

Privacy issues concerning biometric identification are becoming increasingly relevant due to their proliferation in various fields, including identity and access control management (IAM). The General Data Protection Regulation (GDPR) requires the implementation of a data protection impact assessment for privacy critical systems. In this paper, we analyse the usefulness of two different privacy impact assessment frameworks in the context of biometric data protection. We use experiences from the SWAN project that processes four different biometric characteristics for authentication purposes. The results of this comparison elucidate how useful these frameworks are in identifying sector-specific privacy risks related to IAM and biometric identification.

sted, utgiver, år, opplag, sider
Bonn: Gesellschaft für Informatik e.V., 2020
Serie
Lecture Notes in Informatics, ISSN 1617-5468 ; P-305
Emneord
data protection, privacy, impact assessment, GDPR, DPIA, identity management, biometrics
HSV kategori
Forskningsprogram
Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-77895 (URN)10.18420/ois2020_17 (DOI)2-s2.0-85097354539 (Scopus ID)978-3-88579-699-2 (ISBN)
Konferanse
Open Identity Summit 2020
Forskningsfinansiär
The Research Council of Norway
Tilgjengelig fra: 2020-05-29 Laget: 2020-05-29 Sist oppdatert: 2021-04-22bibliografisk kontrollert
Fritsch, L. (2020). Identification collapse - contingency in Identity Management. In: Heiko Roßnagel; Christian Schunck; Sebastian Mödersheim; Detlev Hühnlein (Ed.), Open Identity Summit 2020: . Paper presented at Open Identity Summit 2020 (pp. 15-26). Bonn: Gesellschaft für Informatik e.V., P-305
Åpne denne publikasjonen i ny fane eller vindu >>Identification collapse - contingency in Identity Management
2020 (engelsk)Inngår i: Open Identity Summit 2020 / [ed] Heiko Roßnagel; Christian Schunck; Sebastian Mödersheim; Detlev Hühnlein, Bonn: Gesellschaft für Informatik e.V. , 2020, Vol. P-305, s. 15-26Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

Identity management (IdM) facilitates identification, authentication and authorization inmost digital processes that involve humans. Digital services as well as work processes, customerrelationship management, telecommunications and payment systems rely on forms of IdM. IdMis a business-critical infrastructure. Organizations rely on one specific IdM technology chosen tofit a certain context. Registration, credential issuance and deployment of digital identities are thenbound to the chosen technology. What happens if that technology is disrupted? This article discussesconsequences and mitigation strategies for identification collapse based on case studies and literaturesearch. The result is a surprising shortage of available documented mitigation and recovery strategiesfor identification collapse.

sted, utgiver, år, opplag, sider
Bonn: Gesellschaft für Informatik e.V., 2020
Serie
Lecture Notes in Informatics (LNI), ISSN 1617-5468 ; P-305
Emneord
Identity management;business continuity;cybersecurity;contingency management
HSV kategori
Forskningsprogram
Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-77893 (URN)10.18420/ois2020_01 (DOI)2-s2.0-85097355232 (Scopus ID)978-3-88579-699-2 (ISBN)
Konferanse
Open Identity Summit 2020
Tilgjengelig fra: 2020-05-29 Laget: 2020-05-29 Sist oppdatert: 2021-03-18bibliografisk kontrollert
Fritsch, L. (2020). Identity Management as a target in cyberwar. In: Heiko Roßnagel, Christian Schunck, Sebastian Mödersheim, Detlef Hühnlein (Ed.), Open Identity Summit 2020: . Paper presented at Open Identity Summit 2020 (pp. 61-70). Bonn: Gesellschaft für Informatik e.V., P-305
Åpne denne publikasjonen i ny fane eller vindu >>Identity Management as a target in cyberwar
2020 (engelsk)Inngår i: Open Identity Summit 2020 / [ed] Heiko Roßnagel, Christian Schunck, Sebastian Mödersheim, Detlef Hühnlein, Bonn: Gesellschaft für Informatik e.V. , 2020, Vol. P-305, s. 61-70Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

This article will discuss Identity Management (IdM) and digital identities in the context ofcyberwar. Cyberattacks that target or exploit digital identities in this context gain leverage throughthe central position of IdM digital infrastructures. Such attacks will compromize service operations,reduce the security of citizens and will expose personal data - those of military personell included. Thearticle defines the issue, summarizes its background and then discusses the implications of cyberwarfor vendors and applicants digital identity management infrastructures where IdM is positioned as acritical infrastructure in society.

sted, utgiver, år, opplag, sider
Bonn: Gesellschaft für Informatik e.V., 2020
Serie
Lecture Notes in Informatics (LNI), ISSN 1617-5468 ; P-305
Emneord
Identity management;Cyberwar;Cyber conflict;Digital identities;Information Privacy; Critical Infrastructure Protection;Security;Cyberconflict;Cybersecurity
HSV kategori
Forskningsprogram
Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-77894 (URN)10.18420/ois2020_05 (DOI)2-s2.0-85097341633 (Scopus ID)978-3-88579-699-2 (ISBN)
Konferanse
Open Identity Summit 2020
Tilgjengelig fra: 2020-05-29 Laget: 2020-05-29 Sist oppdatert: 2021-03-18bibliografisk kontrollert
Toresson, L., Shaker, M., Olars, S. & Fritsch, L. (2020). PISA: A Privacy Impact Self-assessment App Using Personas to Relate App Behavior to Risks to Smartphone Users. In: Communications in Computer and Information Science, CCIS: . Paper presented at International Conference on Human-Computer Interaction, HCI International 2020, 19 July 2020 through 24 July 2020 (pp. 613-621). Springer, 1226
Åpne denne publikasjonen i ny fane eller vindu >>PISA: A Privacy Impact Self-assessment App Using Personas to Relate App Behavior to Risks to Smartphone Users
2020 (engelsk)Inngår i: Communications in Computer and Information Science, CCIS, Springer, 2020, Vol. 1226, s. 613-621Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

We present an educative self-assessment app intended to increase awareness of app-related privacy risks. The privacy impact self-assessment (PISA) app is intended to stimulate smartphone user reflection over risks of data sharing and data extraction from their smartphones. An interactive user interface performs an end-user targeted dialogue about apps using personas with a variety of vulnerabilities. The guided dialogue about threats is intended to engage the user’s reflection about own app risk. We describe the underlying model and interaction design, summarize the personas and discuss the user interfaces implemented in the app.

sted, utgiver, år, opplag, sider
Springer, 2020
Serie
Communications in Computer and Information Science book series, ISSN 1865-0929, E-ISSN 1865-0937
Emneord
Privacy impact awareness, Privacy personas, Privacy risk, Smartphone apps, User education, User interface, Data Sharing, Human computer interaction, Risk assessment, Smartphones, Data extraction, End users, Interaction design, Interactive user interfaces, Privacy risks, Self assessment, User interfaces
HSV kategori
Forskningsprogram
Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-82949 (URN)10.1007/978-3-030-50732-9_79 (DOI)2-s2.0-85088741692 (Scopus ID)978-3-030-50731-2 (ISBN)978-3-030-50732-9 (ISBN)
Konferanse
International Conference on Human-Computer Interaction, HCI International 2020, 19 July 2020 through 24 July 2020
Tilgjengelig fra: 2021-02-19 Laget: 2021-02-19 Sist oppdatert: 2021-04-28bibliografisk kontrollert
Organisasjoner
Identifikatorer
ORCID-id: ORCID iD iconorcid.org/0000-0002-0418-4121