Legally Sustainable Solutions for Privacy Issues in Collaborative Fraud Detection

Flegel, Ulrich; Kerschbaum, Florian; Miseldine, Philip; Monakova, Ganna; Wacker, Richard; Leymann, Frank

doi:10.1007/978-1-4419-7133-3_7

Cited by 4 publications

(2 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Thus, data must be protected accordingly and falls under the scope of the GDPR. 49 The crucial problem with pseudonymisation is the need to decrypt the data to use data analytics. The decryption exposes personal and sensitive data to various kinds of cyber-attacks.…”

Section: De-identification Anonymisation and Pseudonymisation: Gdpr C...mentioning

confidence: 99%

Homomorphic Encryption: The ‘Holy Grail’ for Big Data Analytics and Legal Compliance in the Pharmaceutical and Healthcare Sector?

Compagnucci¹,

Mészáros²,

Minssen³

et al. 2019

European Pharmaceutical Law Review

View full text Add to dashboard Cite

The pharmaceutical and healthcare sector is a prime target for cybercriminals around the world. These cyber-attacks represent significant challenges in the context of data protection and data security. The General Data Protection Regulation (GDPR) imposes strict rules regarding the processing and analysis of personal data. In conventional approaches, data analysts request data from various sources. Then, they anonymise or pseudonymise the data using various tools and techniques. These methods often use powerful algorithms to ensure a high level of security. However, these methods tend to either reduce the quality of data for further analysis or they expose the data while decrypting it for analysis. Homomorphic Encryption (HE) has recently been touted as the 'Holy Grail' of cryptography since it allows the analysis of big data sets without ever needing to decrypt and thus compromising the confidentiality of the data. This provides a whole new layer of protection and at the same time allows the processing of data for secondary use and scientific research. While HE is not a new technology, it is still in the early stages of development. In this piece, we will introduce a new automated tool for searching and analysing encrypted data using HE techniques, which is being developed within the scope of the EnergyShield project. 1

show abstract

Section: De-identification Anonymisation and Pseudonymisation: Gdpr C...mentioning

confidence: 99%

Homomorphic Encryption: The ‘Holy Grail’ for Big Data Analytics and Legal Compliance in the Pharmaceutical and Healthcare Sector?

Compagnucci¹,

Mészáros²,

Minssen³

et al. 2019

European Pharmaceutical Law Review

View full text Add to dashboard Cite

show abstract

“…For this purpose we extend the model described in [5], which is based on relations between actions, resources, services and events. As motivated in Section 1 and discussed in Section 3 the customer requires evidence of the behavior of the actual executed business process.…”

Section: Technical Architecturementioning

confidence: 99%

MC-Cube: Mastering Customizable Compliance in the Cloud

Anstett

Karastoyanova

Leymann

et al. 2009

Service-Oriented Computing – ICSOC 2007

Self Cite

View full text Add to dashboard Cite

Abstract. Outsourcing parts of a company's processes becomes more and more important in a globalized, distributed economy. While architectural styles and technologies such as service-oriented architecture and Web services facilitate the distribution of business process over several departments, enterprises and countries, these business processes still need to comply with various regulations. These regulations can be company regulations, national, or international regulations. When outsourcing IT-functions, enterprises must ensure that the overall regulations are met. Therefore they need evidence from their outsourcing partners that supports the proof of compliance to regulations. Furthermore it must be possible to enforce the adherence to compliance rules at partners. In this paper we introduce so-called compliance interfaces that can be used by customers to subscribe to evidence at a provider and to enforce regulations at a provider. We introduce a general compliance architecture that allows compliance to be monitored and enforced at services deployed in any emerging cloud delivery model.

show abstract