Taking stock of organisations’ protection of privacy: categorising and assessing threats to personally identifiable information in the USA

Posey, Clay; Raja, Uzma; Crossler, Robert E.; Burns, Alvin C.

doi:10.1057/s41303-017-0065-y

Cited by 27 publications

(17 citation statements)

References 72 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In Posey et al (2017), the authors use advanced data-mining techniques to conduct breach analysis and build a taxonomy of eight major types of personally identifiable information breaches that are currently typical for US organisations. They detail differences in exposure to the breaches and their severity.…”

Section: Resultsmentioning

confidence: 99%

Why security and privacy research lies at the centre of the information systems (IS) artefact: proposing a bold research agenda

Lowry

Dinev

Willison

2017

European Journal of Information Systems

141

114

View full text Add to dashboard Cite

In this essay, we outline some important concerns in the hope of improving the effectiveness of security and privacy research. We discuss the need to reexamine our understanding of information technology (IT) and information system (IS) artefacts and to expand the range of the latter to include those artificial phenomena that are crucial to information security and privacy research. We then briefly discuss some prevalent limitations in theory, methodology, and contributions that generally weaken security/privacy studies and jeopardise their chances of publication in a top IS journal. More importantly, we suggest remedies for these weaknesses, identifying specific improvements that can be made and offering a couple of illustrations of such improvements. In particular, we address the notion of loose recontextualisation, using deterrence theory (DT) research as an example. We also provide an illustration of how the focus on intentions may have resulted in an underuse of powerful theories in security and privacy research, because such theories explain more than just intentions. We then outline three promising opportunities for IS research that should be particularly compelling to security and privacy researchers: online platforms, the Internet of things (IoT), and big data. All of these carry innate information security and privacy risks and vulnerabilities that can be addressed only by researching each link of the systems chain, that is, technologies-policies-processes-people-society-economy-legislature. We conclude by suggesting several specific opportunities for new research in these areas.

show abstract

Section: Resultsmentioning

confidence: 99%

Why security and privacy research lies at the centre of the information systems (IS) artefact: proposing a bold research agenda

Lowry

Dinev

Willison

2017

European Journal of Information Systems

141

114

View full text Add to dashboard Cite

show abstract

“…This study heuristically selected eight PII, those were highly engaged with the Android app's permissions. While doing this heuristic modeling of PII, the authors used already available knowledge base and literature [46,73,82]. However, this study used a practical assumption to detect eight risky PII (Table 5) where modeling was logical and rational rather than evidence centric.…”

Section: The Heuristic Methods For Android Application Permission and mentioning

confidence: 99%

“…Personal data is something that reveals an individual's identity or features. PII is a popular jargon used in the USA, Korea and Australia [46]. The European Union uses 'personal information' [47].…”

Section: Personal Information and Privacymentioning

confidence: 99%

“…[48][49][50][51] defined partial identity or PPII as "A partial identity is a subset of attribute values of a complete identity, where a complete identity is the union of all attribute values of all identities of this person". Table 1 shows a few examples of PII and PPII [37,46,52,53]. De-identification (Did) is a method by which information is modified in a way that data can no longer directly or indirectly indicate an identity.…”

Section: Personal Information and Privacymentioning

confidence: 99%

See 1 more Smart Citation

Personal Information Classification on Aggregated Android Application’s Permissions

et al. 2019

View full text Add to dashboard Cite

Android is offering millions of apps on Google Play-store by the application publishers. However, those publishers do have a parent organization and share information with them. Through the ‘Android permission system’, a user permits an app to access sensitive personal data. Large-scale personal data integration can reveal user identity, enabling new insights and earn revenue for the organizations. Similarly, aggregation of Android app permissions by the app owning parent organizations can also cause privacy leakage by revealing the user profile. This work classifies risky personal data by proposing a threat model on the large-scale app permission aggregation by the app publishers and associated owners. A Google-play application programming interface (API) assisted web app is developed that visualizes all the permissions an app owner can collectively gather through multiple apps released via several publishers. The work empirically validates the performance of the risk model with two case studies. The top two Korean app owners, seven publishers, 108 apps and 720 sets of permissions are studied. With reasonable accuracy, the study finds the contact number, biometric ID, address, social graph, human behavior, email, location and unique ID as frequently exposed data. Finally, the work concludes that the real-time tracking of aggregated permissions can limit the odds of user profiling.

show abstract

“…As a result of these events, ethical rules as they apply to academicians are being re-examined (Editorials Nature, 2018). Despite over a decade of research in privacy and security of information in IS (Acquisti & Gross, 2006;Lowry, Dinev, & Willison, 2017;Posey, Raja, Crossler, & Burns, 2017), we cannot assume that the problem is solved. A new approach to privacy and security may be necessary to overcome these challenges.…”

Section: Axiology: What Is Good and To Be Valued And What Should We mentioning

confidence: 99%

Philosophy and information systems: where are we and where should we go?

Hassan

Mingers

Stahl

2018

European Journal of Information Systems

View full text Add to dashboard Cite

Taking stock of organisations’ protection of privacy: categorising and assessing threats to personally identifiable information in the USA

Cited by 27 publications

References 72 publications

Why security and privacy research lies at the centre of the information systems (IS) artefact: proposing a bold research agenda

Why security and privacy research lies at the centre of the information systems (IS) artefact: proposing a bold research agenda

Personal Information Classification on Aggregated Android Application’s Permissions

Philosophy and information systems: where are we and where should we go?

Contact Info

Product

Resources

About