Privacy Policy | Smokefree 60+

Cancer.gov

The National Cancer Institute (NCI) respects the privacy of users of its websites. This is why we have taken the time to disclose our privacy policy and information collection practices. NCI does not disclose, give, sell, or transfer any personal information about visitors unless required to do so by law. NCI automatically collects a limited amount of information about the use of websites for statistical purposes — that is, to measure the numbers of visitors. This information may be helpful when considering changes that improve our websites for future visitors.

Privacy Policy | FNLCR Staging

Cancer.gov

The privacy of our users is of utmost importance to Frederick National Lab. The policy outlined below establishes how Frederick National Lab will use the information we gather about you from your visit to our website. We may collect and store

Realizing IoT service's policy privacy over publish/subscribe-based middleware.

PubMed

Duan, Li; Zhang, Yang; Chen, Shiping; Wang, Shiyao; Cheng, Bo; Chen, Junliang

2016-01-01

The publish/subscribe paradigm makes IoT service collaborations more scalable and flexible, due to the space, time and control decoupling of event producers and consumers. Thus, the paradigm can be used to establish large-scale IoT service communication infrastructures such as Supervisory Control and Data Acquisition systems. However, preserving IoT service's policy privacy is difficult in this paradigm, because a classical publisher has little control of its own event after being published; and a subscriber has to accept all the events from the subscribed event type with no choice. Few existing publish/subscribe middleware have built-in mechanisms to address the above issues. In this paper, we present a novel access control framework, which is capable of preserving IoT service's policy privacy. In particular, we adopt the publish/subscribe paradigm as the IoT service communication infrastructure to facilitate the protection of IoT services policy privacy. The key idea in our policy-privacy solution is using a two-layer cooperating method to match bi-directional privacy control requirements: (a) data layer for protecting IoT events; and (b) application layer for preserving the privacy of service policy. Furthermore, the anonymous-set-based principle is adopted to realize the functionalities of the framework, including policy embedding and policy encoding as well as policy matching. Our security analysis shows that the policy privacy framework is Chosen-Plaintext Attack secure. We extend the open source Apache ActiveMQ broker by building into a policy-based authorization mechanism to enforce the privacy policy. The performance evaluation results indicate that our approach is scalable with reasonable overheads.

Privacy and policy for genetic research.

PubMed

DeCew, Judith Wagner

2004-01-01

I begin with a discussion of the value of privacy and what we lose without it. I then turn to the difficulties of preserving privacy for genetic information and other medical records in the face of advanced information technology. I suggest three alternative public policy approaches to the problem of protecting individual privacy and also preserving databases for genetic research: (1) governmental guidelines and centralized databases, (2) corporate self-regulation, and (3) my hybrid approach. None of these are unproblematic; I discuss strengths and drawbacks of each, emphasizing the importance of protecting the privacy of sensitive medical and genetic information as well as letting information technology flourish to aid patient care, public health and scientific research.

Reading level of privacy policies on Internet health Web sites.

PubMed

Graber, Mark A; D'Alessandro, Donna M; Johnson-West, Jill

2002-07-01

Most individuals would like to maintain the privacy of their medical information on the World Wide Web (WWW). In response, commercial interests and other sites post privacy policies that are designed to inform users of how their information will be used. However, it is not known if these statements are comprehensible to most WWW users. The purpose of this study was to determine the reading level of privacy statements on Internet health Web sites and to determine whether these statements can inform users of their rights. This was a descriptive study. Eighty Internet health sites were examined and the readability of their privacy policies was determined. The selected sample included the top 25 Internet health sites as well as other sites that a user might encounter while researching a common problem such as high blood pressure. Sixty percent of the sites were commercial (.com), 17.5% were organizations (.org), 8.8% were from the United Kingdom (.uk), 3.8% were United States governmental (.gov), and 2.5% were educational (.edu). The readability level of the privacy policies was calculated using the Flesch, the Fry, and the SMOG readability levels. Of the 80 Internet health Web sites studied, 30% (including 23% of the commercial Web sites) had no privacy policy posted. The average readability level of the remaining sites required 2 years of college level education to comprehend, and no Web site had a privacy policy that was comprehensible by most English-speaking individuals in the United States. The privacy policies of health Web sites are not easily understood by most individuals in the United States and do not serve to inform users of their rights. Possible remedies include rewriting policies to make them comprehensible and protecting online health information by using legal statutes or standardized insignias indicating compliance with a set of privacy standards (eg, "Health on the Net" [HON] http://www.hon.ch).

14 CFR 1212.600 - General policy.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true General policy. 1212.600 Section 1212.600 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Instructions for NASA Employees § 1212.600 General policy. In compliance with the Privacy Act and in accordance...

14 CFR 1212.600 - General policy.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false General policy. 1212.600 Section 1212.600 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Instructions for NASA Employees § 1212.600 General policy. In compliance with the Privacy Act and in accordance...

Privacy policies for health social networking sites.

PubMed

Li, Jingquan

2013-01-01

Health social networking sites (HSNS), virtual communities where users connect with each other around common problems and share relevant health data, have been increasingly adopted by medical professionals and patients. The growing use of HSNS like Sermo and PatientsLikeMe has prompted public concerns about the risks that such online data-sharing platforms pose to the privacy and security of personal health data. This paper articulates a set of privacy risks introduced by social networking in health care and presents a practical example that demonstrates how the risks might be intrinsic to some HSNS. The aim of this study is to identify and sketch the policy implications of using HSNS and how policy makers and stakeholders should elaborate upon them to protect the privacy of online health data.

Privacy policies for health social networking sites

PubMed Central

Li, Jingquan

2013-01-01

Health social networking sites (HSNS), virtual communities where users connect with each other around common problems and share relevant health data, have been increasingly adopted by medical professionals and patients. The growing use of HSNS like Sermo and PatientsLikeMe has prompted public concerns about the risks that such online data-sharing platforms pose to the privacy and security of personal health data. This paper articulates a set of privacy risks introduced by social networking in health care and presents a practical example that demonstrates how the risks might be intrinsic to some HSNS. The aim of this study is to identify and sketch the policy implications of using HSNS and how policy makers and stakeholders should elaborate upon them to protect the privacy of online health data. PMID:23599228

Trust Information and Privacy Policies - Enablers for pHealth and Ubiquitous Health.

PubMed

Ruotsalainen, Pekka; Blobel, Bernd

2014-01-01

pHealth occurs in uncontrolled and unsecure environment where predefined organizational trust does not exist. To be accepted by users, pHealth requires a privacy model where privacy is a personal property, i.e., a person can perform own will and define policies which regulate how personal health information (PHI) is used. Privacy and trust are interconnected concepts. Therefore, before beginning to use pHealth services, the person needs practical and reliable information that enables her or him to determine the trustworthiness level of services. To avoid the use of blind trust, organizations, researchers, policymakers, and standardization organizations have proposed the use of dynamic context-aware policies for privacy management in pHealth. To make meaningful privacy decision, a person should understand the impact of selected policy rules on the processing of PHI in different situations. In this paper, the use of computational trust information for defining privacy polies and reducing their number is proposed. A trust value and understandable trust attributes enable a person to tailor privacy policies requested for trustworthy use of pHealth services. Trust attributes proposed are derived from privacy concerns existing in open ubiquitous environment. These attributes also force pHealth services providers to publish information needed for trust calculation and in this way to support openness and transparency.

Privacy Policies for Apps Targeted Toward Youth: Descriptive Analysis of Readability

PubMed Central

Das, Gitanjali; Cheung, Cynthia; Nebeker, Camille; Bietz, Matthew

2018-01-01

Background Due to the growing availability of consumer information, the protection of personal data is of increasing concern. Objective We assessed readability metrics of privacy policies for apps that are either available to or targeted toward youth to inform strategies to educate and protect youth from unintentional sharing of personal data. Methods We reviewed the 1200 highest ranked apps from the Apple and Google Play Stores and systematically selected apps geared toward youth. After applying exclusion criteria, 99 highly ranked apps geared toward minors remained, 64 of which had a privacy policy. We obtained and analyzed these privacy policies using reading grade level (RGL) as a metric. Policies were further compared as a function of app category (free vs paid; entertainment vs social networking vs utility). Results Analysis of privacy policies for these 64 apps revealed an average RGL of 12.78, which is well above the average reading level (8.0) of adults in the United States. There was also a small but statistically significant difference in word count as a function of app category (entertainment: 2546 words, social networking: 3493 words, and utility: 1038 words; P=.02). Conclusions Although users must agree to privacy policies to access digital tools and products, readability analyses suggest that these agreements are not comprehensible to most adults, let alone youth. We propose that stakeholders, including pediatricians and other health care professionals, play a role in educating youth and their guardians about the use of Web-based services and potential privacy risks, including the unintentional sharing of personal data. PMID:29301737

Privacy Policies for Apps Targeted Toward Youth: Descriptive Analysis of Readability.

PubMed

Das, Gitanjali; Cheung, Cynthia; Nebeker, Camille; Bietz, Matthew; Bloss, Cinnamon

2018-01-04

Due to the growing availability of consumer information, the protection of personal data is of increasing concern. We assessed readability metrics of privacy policies for apps that are either available to or targeted toward youth to inform strategies to educate and protect youth from unintentional sharing of personal data. We reviewed the 1200 highest ranked apps from the Apple and Google Play Stores and systematically selected apps geared toward youth. After applying exclusion criteria, 99 highly ranked apps geared toward minors remained, 64 of which had a privacy policy. We obtained and analyzed these privacy policies using reading grade level (RGL) as a metric. Policies were further compared as a function of app category (free vs paid; entertainment vs social networking vs utility). Analysis of privacy policies for these 64 apps revealed an average RGL of 12.78, which is well above the average reading level (8.0) of adults in the United States. There was also a small but statistically significant difference in word count as a function of app category (entertainment: 2546 words, social networking: 3493 words, and utility: 1038 words; P=.02). Although users must agree to privacy policies to access digital tools and products, readability analyses suggest that these agreements are not comprehensible to most adults, let alone youth. We propose that stakeholders, including pediatricians and other health care professionals, play a role in educating youth and their guardians about the use of Web-based services and potential privacy risks, including the unintentional sharing of personal data. ©Gitanjali Das, Cynthia Cheung, Camille Nebeker, Matthew Bietz, Cinnamon Bloss. Originally published in JMIR Mhealth and Uhealth (http://mhealth.jmir.org), 04.01.2018.

Privacy policy analysis for health information networks and regional health information organizations.

PubMed

Noblin, Alice M

2007-01-01

Regional Health Information Organizations (RHIOs) are forming in response to President George W. Bush's 2004 mandate that medical information be made available electronically to facilitate continuity of care. Privacy concerns are a deterrent to widespread acceptance of RHIOs. The Health Information Portability and Accountability Act of 1996 provides some guidelines for privacy protection. However, most states have stricter guidelines, causing difficulty when RHIOs form across these jurisdictions. This article compares several RHIOs including their privacy policies where available. In addition, studies were reviewed considering privacy concerns of people in the United States and elsewhere. Surveys reveal that Americans are concerned about the privacy of their personal health information and ultimately feel it is the role of the government to provide protection. The purpose of this article is to look at the privacy issues and recommend a policy that may help to resolve some of the concerns of both providers and patients. Policy research and action are needed to move the National Health Information Network toward reality. Efforts to provide consistency in privacy laws are a necessary early step to facilitate the construction and maintenance of RHIOs and the National Health Information Network.

Privacy Policy Enforcement for Ambient Ubiquitous Services

NASA Astrophysics Data System (ADS)

Oyomno, Were; Jäppinen, Pekka; Kerttula, Esa

Ubiquitous service providers leverage miniaturised computing terminals equipped with wireless capabilities to avail new service models. These models are pivoted on personal and inexpensive terminals to customise services to individual preferences. Portability, small sizes and compact keyboards are few features popularising mobile terminals. Features enable storing and carrying of ever increasing proportions of personal data and ability to use them in service adaptations. Ubiquitous services automate deeper soliciting of personal data transparently without the need for user interactions. Transparent solicitations, acquisitions and handling of personal data legitimises privacy concerns regarding disclosures, retention and re-use of the data. This study presents a policy enforcement for ubiquitous services that safeguards handling of users personal data and monitors adherence to stipulated privacy policies. Enforcement structures towards usability and scalability are presented.

Determining the privacy policy deficiencies of health ICT applications through semi-formal modelling.

PubMed

Croll, Peter R

2011-02-01

To ensure that patient confidentiality is securely maintained, health ICT applications that contain sensitive personal information demand comprehensive privacy policies. Determining the adequacy of these policies to meet legal conformity together with clinical users and patient expectation is demanding in practice. Organisations and agencies looking to analyse their Privacy and Security policies can benefit from guidance provided by outside entities such as the Privacy Office of their State or Government together with law firms and ICT specialists. The advice given is not uniform and often open to different interpretations. Of greater concern is the possibility of overlooking any important aspects that later result in a data breach. Based on three case studies, this paper considers whether a more formal approach to privacy analysis could be taken that would help identify the full coverage of a Privacy Impact Analysis and determine the deficiencies with an organisation's current policies and approach. A diagrammatic model showing the relationships between Confidentiality, Privacy, Trust, Security and Safety is introduced. First the validity of this model is determined by mapping it against the real-world case studies taken from three healthcare services that depend on ICT. Then, by using software engineering methods, a formal mapping of the relationships is undertaken to identify a full set of policies needed to satisfy the model. How effective this approach may prove as a generic method for deriving a comprehensive set of policies in health ICT applications is finally discussed. Copyright © 2010 Elsevier Ireland Ltd. All rights reserved.

Insights to develop privacy policy for organization in Indonesia

NASA Astrophysics Data System (ADS)

Rosmaini, E.; Kusumasari, T. F.; Lubis, M.; Lubis, A. R.

2018-03-01

Nowadays, the increased utilization of shared application in the network needs not only dictate to have enhanced security but also emphasize the need to balance its privacy protection and ease of use. Meanwhile, its accessibility and availability as the demand from organization service put privacy obligations become more complex process to be handled and controlled. Nonetheless, the underlying principles for privacy policy exist in Indonesian current laws, even though they spread across various article regulations. Religions, constitutions, statutes, regulations, custom and culture requirements still become the reference model to control the activity process for data collection and information sharing accordingly. Moreover, as the customer and organization often misinterpret their responsibilities and rights in the business function, process and level, the essential thing to be considered for professionals on how to articulate clearly the rules that manage their information gathering and distribution in a manner that translates into information system specification and requirements for developers and managers. This study focus on providing suggestion and recommendation to develop privacy policy based on descriptive analysis of 791 respondents on personal data protection in accordance with political and economic factor in Indonesia.

A software platform to analyse the ethical issues of electronic patient privacy policy: the S3P example.

PubMed

Mizani, M A; Baykal, N

2007-12-01

Paper-based privacy policies fail to resolve the new changes posed by electronic healthcare. Protecting patient privacy through electronic systems has become a serious concern and is the subject of several recent studies. The shift towards an electronic privacy policy introduces new ethical challenges that cannot be solved merely by technical measures. Structured Patient Privacy Policy (S3P) is a software tool assuming an automated electronic privacy policy in an electronic healthcare setting. It is designed to simulate different access levels and rights of various professionals involved in healthcare in order to assess the emerging ethical problems. The authors discuss ethical issues concerning electronic patient privacy policies that have become apparent during the development and application of S3P.

Policy recommendations for addressing privacy challenges associated with cell-based research and interventions.

PubMed

Ogbogu, Ubaka; Burningham, Sarah; Ollenberger, Adam; Calder, Kathryn; Du, Li; El Emam, Khaled; Hyde-Lay, Robyn; Isasi, Rosario; Joly, Yann; Kerr, Ian; Malin, Bradley; McDonald, Michael; Penney, Steven; Piat, Gayle; Roy, Denis-Claude; Sugarman, Jeremy; Vercauteren, Suzanne; Verhenneman, Griet; West, Lori; Caulfield, Timothy

2014-02-03

The increased use of human biological material for cell-based research and clinical interventions poses risks to the privacy of patients and donors, including the possibility of re-identification of individuals from anonymized cell lines and associated genetic data. These risks will increase as technologies and databases used for re-identification become affordable and more sophisticated. Policies that require ongoing linkage of cell lines to donors' clinical information for research and regulatory purposes, and existing practices that limit research participants' ability to control what is done with their genetic data, amplify the privacy concerns. To date, the privacy issues associated with cell-based research and interventions have not received much attention in the academic and policymaking contexts. This paper, arising out of a multi-disciplinary workshop, aims to rectify this by outlining the issues, proposing novel governance strategies and policy recommendations, and identifying areas where further evidence is required to make sound policy decisions. The authors of this paper take the position that existing rules and norms can be reasonably extended to address privacy risks in this context without compromising emerging developments in the research environment, and that exceptions from such rules should be justified using a case-by-case approach. In developing new policies, the broader framework of regulations governing cell-based research and related areas must be taken into account, as well as the views of impacted groups, including scientists, research participants and the general public. This paper outlines deliberations at a policy development workshop focusing on privacy challenges associated with cell-based research and interventions. The paper provides an overview of these challenges, followed by a discussion of key themes and recommendations that emerged from discussions at the workshop. The paper concludes that privacy risks associated with cell

Policy recommendations for addressing privacy challenges associated with cell-based research and interventions

PubMed Central

2014-01-01

Background The increased use of human biological material for cell-based research and clinical interventions poses risks to the privacy of patients and donors, including the possibility of re-identification of individuals from anonymized cell lines and associated genetic data. These risks will increase as technologies and databases used for re-identification become affordable and more sophisticated. Policies that require ongoing linkage of cell lines to donors’ clinical information for research and regulatory purposes, and existing practices that limit research participants’ ability to control what is done with their genetic data, amplify the privacy concerns. Discussion To date, the privacy issues associated with cell-based research and interventions have not received much attention in the academic and policymaking contexts. This paper, arising out of a multi-disciplinary workshop, aims to rectify this by outlining the issues, proposing novel governance strategies and policy recommendations, and identifying areas where further evidence is required to make sound policy decisions. The authors of this paper take the position that existing rules and norms can be reasonably extended to address privacy risks in this context without compromising emerging developments in the research environment, and that exceptions from such rules should be justified using a case-by-case approach. In developing new policies, the broader framework of regulations governing cell-based research and related areas must be taken into account, as well as the views of impacted groups, including scientists, research participants and the general public. Summary This paper outlines deliberations at a policy development workshop focusing on privacy challenges associated with cell-based research and interventions. The paper provides an overview of these challenges, followed by a discussion of key themes and recommendations that emerged from discussions at the workshop. The paper concludes that

Privacy Policy | Frederick National Laboratory for Cancer Research

Cancer.gov

The privacy of our users is of utmost importance to Frederick National Laboratory. The policy outlined below establishes how Frederick National Laboratory will use the information we gather about you from your visit to our website. We may coll

A Content Analysis of Library Vendor Privacy Policies: Do They Meet Our Standards?

ERIC Educational Resources Information Center

Magi, Trina J.

2010-01-01

Librarians have a long history of protecting user privacy, but they have done seemingly little to understand or influence the privacy policies of library resource vendors that increasingly collect user information through Web 2.0-style personalization features. After citing evidence that college students value privacy, this study used content…

Assessing the privacy policies in mobile personal health records.

PubMed

Zapata, Belén Cruz; Hernández Niñirola, Antonio; Fernández-Alemán, José Luis; Toval, Ambrosio

2014-01-01

The huge increase in the number and use of smartphones and tablets has led health service providers to take an interest in mHealth. Popular mobile app markets like Apple App Store or Google Play contain thousands of health applications. Although mobile personal health records (mPHRs) have a number of benefits, important challenges appear in the form of adoption barriers. Security and privacy have been identified as part of these barriers and should be addressed. This paper analyzes and assesses a total of 24 free mPHRs for Android and iOS. Characteristics regarding privacy and security were extracted from the HIPAA. The results show important differences in both the mPHRs and the characteristics analyzed. A questionnaire containing six questions concerning privacy policies was defined. Our questionnaire may assist developers and stakeholders to evaluate the security and privacy of their mPHRs.

76 FR 64115 - Privacy Act of 1974; Privacy Act System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-10-17

... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION [Notice (11-092)] Privacy Act of 1974; Privacy Act... retirement of one Privacy Act system of records notice. SUMMARY: In accordance with the Privacy Act of 1974, NASA is giving notice that it proposes to cancel the following Privacy Act system of records notice...

78 FR 40515 - Privacy Act of 1974; Privacy Act System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-05

... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION [Notice 13-071] Privacy Act of 1974; Privacy Act System of Records AGENCY: National Aeronautics and Space Administration (NASA). ACTION: Notice of Privacy... training associated with [[Page 40516

Technical and policy approaches to balancing patient privacy and data sharing in clinical and translational research.

PubMed

Malin, Bradley; Karp, David; Scheuermann, Richard H

2010-01-01

Clinical researchers need to share data to support scientific validation and information reuse and to comply with a host of regulations and directives from funders. Various organizations are constructing informatics resources in the form of centralized databases to ensure reuse of data derived from sponsored research. The widespread use of such open databases is contingent on the protection of patient privacy. We review privacy-related problems associated with data sharing for clinical research from technical and policy perspectives. We investigate existing policies for secondary data sharing and privacy requirements in the context of data derived from research and clinical settings. In particular, we focus on policies specified by the US National Institutes of Health and the Health Insurance Portability and Accountability Act and touch on how these policies are related to current and future use of data stored in public database archives. We address aspects of data privacy and identifiability from a technical, although approachable, perspective and summarize how biomedical databanks can be exploited and seemingly anonymous records can be reidentified using various resources without hacking into secure computer systems. We highlight which clinical and translational data features, specified in emerging research models, are potentially vulnerable or exploitable. In the process, we recount a recent privacy-related concern associated with the publication of aggregate statistics from pooled genome-wide association studies that have had a significant impact on the data sharing policies of National Institutes of Health-sponsored databanks. Based on our analysis and observations we provide a list of recommendations that cover various technical, legal, and policy mechanisms that open clinical databases can adopt to strengthen data privacy protection as they move toward wider deployment and adoption.

Technical and Policy Approaches to Balancing Patient Privacy and Data Sharing in Clinical and Translational Research

PubMed Central

Malin, Bradley; Karp, David; Scheuermann, Richard H.

2010-01-01

Clinical researchers need to share data to support scientific validation and information reuse, and to comply with a host of regulations and directives from funders. Various organizations are constructing informatics resources in the form of centralized databases to ensure widespread availability of data derived from sponsored research. The widespread use of such open databases is contingent on the protection of patient privacy. In this paper, we review several aspects of the privacy-related problems associated with data sharing for clinical research from technical and policy perspectives. We begin with a review of existing policies for secondary data sharing and privacy requirements in the context of data derived from research and clinical settings. In particular, we focus on policies specified by the U.S. National Institutes of Health and the Health Insurance Portability and Accountability Act and touch upon how these policies are related to current, as well as future, use of data stored in public database archives. Next, we address aspects of data privacy and “identifiability” from a more technical perspective, and review how biomedical databanks can be exploited and seemingly anonymous records can be “re-identified” using various resources without compromising or hacking into secure computer systems. We highlight which data features specified in clinical research data models are potentially vulnerable or exploitable. In the process, we recount a recent privacy-related concern associated with the publication of aggregate statistics from pooled genome-wide association studies that has had a significant impact on the data sharing policies of NIH-sponsored databanks. Finally, we conclude with a list of recommendations that cover various technical, legal, and policy mechanisms that open clinical databases can adopt to strengthen data privacy protections as they move toward wider deployment and adoption. PMID:20051768

A Deterrence Approach to Regulate Nurses' Compliance with Electronic Medical Records Privacy Policy.

PubMed

Kuo, Kuang-Ming; Talley, Paul C; Hung, Ming-Chien; Chen, Yen-Liang

2017-11-03

Hospitals have become increasingly aware that electronic medical records (EMR) may bring about tangible/intangible benefits to managing institutions, including reduced medical errors, improved quality-of-care, curtailed costs, and allowed access to patient information by healthcare professionals regardless of limitations. However, increased dependence on EMR has led to a corresponding increase in the influence of EMR breaches. Such incursions, which have been significantly facilitated by the introduction of mobile devices for accessing EMR, may induce tangible/intangible damage to both hospitals and concerned individuals. The purpose of this study was to explore factors which may tend to inhibit nurses' intentions to violate privacy policy concerning EMR based upon the deterrence theory perspective. Utilizing survey methodology, 262 responses were analyzed via structural equation modeling. Results revealed that punishment certainty, detection certainty, and subjective norm would most certainly and significantly reduce nurses' intentions to violate established EMR privacy policy. With these findings, recommendations for health administrators in planning and designing effective strategies which may potentially inhibit nurses from violating EMR privacy policy are discussed.

Compliance With Electronic Medical Records Privacy Policy: An Empirical Investigation of Hospital Information Technology Staff

PubMed Central

Sher, Ming-Ling; Talley, Paul C.; Yang, Ching-Wen; Kuo, Kuang-Ming

2017-01-01

The employment of Electronic Medical Records is expected to better enhance health care quality and to relieve increased financial pressure. Electronic Medical Records are, however, potentially vulnerable to security breaches that may result in a rise of patients’ privacy concerns. The purpose of our study was to explore the factors that motivate hospital information technology staff’s compliance with Electronic Medical Records privacy policy from the theoretical lenses of protection motivation theory and the theory of reasoned action. The study collected data using survey methodology. A total of 310 responses from information technology staff of 7 medical centers in Taiwan was analyzed using the Structural Equation Modeling technique. The results revealed that perceived vulnerability and perceived severity of threats from Electronic Medical Records breaches may be used to predict the information technology staff’s fear arousal level. And factors including fear arousal, response efficacy, self-efficacy, and subjective norm, in their turn, significantly predicted IT staff’s behavioral intention to comply with privacy policy. Response cost was not found to have any relationship with behavioral intention. Based on the findings, we suggest that hospitals could plan and design effective strategies such as initiating privacy-protection awareness and skills training programs to improve information technology staff member’s adherence to privacy policy. Furthermore, enhancing the privacy-protection climate in hospitals is also a viable means to the end. Further practical and research implications are also discussed.

48 CFR 1837.203 - Policy. (NASA supplements paragraph (c))

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 6 2013-10-01 2013-10-01 false Policy. (NASA supplements... Services 1837.203 Policy. (NASA supplements paragraph (c)) (c) Advisory and assistance services of... 3300.1, Appointment of Personnel To/From NASA, Chapter 4, Employment of Experts and Consultants). [62...

48 CFR 1837.203 - Policy. (NASA supplements paragraph (c))

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 6 2011-10-01 2011-10-01 false Policy. (NASA supplements... Services 1837.203 Policy. (NASA supplements paragraph (c)) (c) Advisory and assistance services of... 3300.1, Appointment of Personnel To/From NASA, Chapter 4, Employment of Experts and Consultants). [62...

48 CFR 1837.203 - Policy. (NASA supplements paragraph (c))

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 6 2012-10-01 2012-10-01 false Policy. (NASA supplements... Services 1837.203 Policy. (NASA supplements paragraph (c)) (c) Advisory and assistance services of... 3300.1, Appointment of Personnel To/From NASA, Chapter 4, Employment of Experts and Consultants). [62...

48 CFR 1837.203 - Policy. (NASA supplements paragraph (c))

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 6 2014-10-01 2014-10-01 false Policy. (NASA supplements... Services 1837.203 Policy. (NASA supplements paragraph (c)) (c) Advisory and assistance services of... 3300.1, Appointment of Personnel To/From NASA, Chapter 4, Employment of Experts and Consultants). [62...

48 CFR 1837.203 - Policy. (NASA supplements paragraph (c))

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Policy. (NASA supplements... Services 1837.203 Policy. (NASA supplements paragraph (c)) (c) Advisory and assistance services of... 3300.1, Appointment of Personnel To/From NASA, Chapter 4, Employment of Experts and Consultants). [62...

Privacy Policy of NOAA's National Weather Service - NOAA's National Weather

Science.gov Websites

Safety Weather Radio Hazard Assmt... StormReady / TsunamiReady Skywarn(tm) Education/Outreach Information , and National Weather Service information collection practices. This Privacy Policy Statement applies only to National Weather Service web sites. Some organizations within NOAA may have other information

48 CFR 1813.003 - Policy. (NASA supplements paragraph (g))

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 6 2013-10-01 2013-10-01 false Policy. (NASA supplements paragraph (g)) 1813.003 Section 1813.003 Federal Acquisition Regulations System NATIONAL AERONAUTICS AND... Policy. (NASA supplements paragraph (g)) (g) Acquisitions under these simplified acquisition procedures...

48 CFR 1813.003 - Policy. (NASA supplements paragraph (g))

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Policy. (NASA supplements paragraph (g)) 1813.003 Section 1813.003 Federal Acquisition Regulations System NATIONAL AERONAUTICS AND... Policy. (NASA supplements paragraph (g)) (g) Acquisitions under these simplified acquisition procedures...

48 CFR 1813.003 - Policy. (NASA supplements paragraph (g))

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 6 2012-10-01 2012-10-01 false Policy. (NASA supplements paragraph (g)) 1813.003 Section 1813.003 Federal Acquisition Regulations System NATIONAL AERONAUTICS AND... Policy. (NASA supplements paragraph (g)) (g) Acquisitions under these simplified acquisition procedures...

48 CFR 1813.003 - Policy. (NASA supplements paragraph (g))

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 6 2014-10-01 2014-10-01 false Policy. (NASA supplements paragraph (g)) 1813.003 Section 1813.003 Federal Acquisition Regulations System NATIONAL AERONAUTICS AND... Policy. (NASA supplements paragraph (g)) (g) Acquisitions under these simplified acquisition procedures...

48 CFR 1813.003 - Policy. (NASA supplements paragraph (g))

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 6 2011-10-01 2011-10-01 false Policy. (NASA supplements paragraph (g)) 1813.003 Section 1813.003 Federal Acquisition Regulations System NATIONAL AERONAUTICS AND... Policy. (NASA supplements paragraph (g)) (g) Acquisitions under these simplified acquisition procedures...

48 CFR 1815.602 - Policy. (NASA paragraphs (1) and (2))

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 6 2012-10-01 2012-10-01 false Policy. (NASA paragraphs... Proposals 1815.602 Policy. (NASA paragraphs (1) and (2)) (1) An unsolicited proposal may result in the award... is used, the NASA Grant and Cooperative Agreement Handbook (NPR 5800.1) applies. (2) Renewal...

48 CFR 1815.602 - Policy. (NASA paragraphs (1) and (2))

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 6 2011-10-01 2011-10-01 false Policy. (NASA paragraphs... Proposals 1815.602 Policy. (NASA paragraphs (1) and (2)) (1) An unsolicited proposal may result in the award... is used, the NASA Grant and Cooperative Agreement Handbook (NPR 5800.1) applies. (2) Renewal...

48 CFR 1815.602 - Policy. (NASA paragraphs (1) and (2))

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 6 2013-10-01 2013-10-01 false Policy. (NASA paragraphs... Proposals 1815.602 Policy. (NASA paragraphs (1) and (2)) (1) An unsolicited proposal may result in the award... is used, the NASA Grant and Cooperative Agreement Handbook (NPR 5800.1) applies. (2) Renewal...

48 CFR 1815.602 - Policy. (NASA paragraphs (1) and (2))

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 6 2014-10-01 2014-10-01 false Policy. (NASA paragraphs... Proposals 1815.602 Policy. (NASA paragraphs (1) and (2)) (1) An unsolicited proposal may result in the award... is used, the NASA Grant and Cooperative Agreement Handbook (NPR 5800.1) applies. (2) Renewal...

Customer privacy on UK healthcare websites.

PubMed

Mundy, Darren P

2006-09-01

Privacy has been and continues to be one of the key challenges of an age devoted to the accumulation, processing, and mining of electronic information. In particular, privacy of healthcare-related information is seen as a key issue as health organizations move towards the electronic provision of services. The aim of the research detailed in this paper has been to analyse privacy policies on popular UK healthcare-related websites to determine the extent to which consumer privacy is protected. The author has combined approaches (such as approaches focused on usability, policy content, and policy quality) used in studies by other researchers on e-commerce and US healthcare websites to provide a comprehensive analysis of UK healthcare privacy policies. The author identifies a wide range of issues related to the protection of consumer privacy through his research analysis using quantitative results. The main outcomes from the author's research are that only 61% of healthcare-related websites in their sample group posted privacy policies. In addition, most of the posted privacy policies had poor readability standards and included a variety of privacy vulnerability statements. Overall, the author's findings represent significant current issues in relation to healthcare information protection on the Internet. The hope is that raising awareness of these results will drive forward changes in the industry, similar to those experienced with information quality.

48 CFR 1815.602 - Policy. (NASA paragraphs (1) and (2))

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Policy. (NASA paragraphs (1... Proposals 1815.602 Policy. (NASA paragraphs (1) and (2)) (1) An unsolicited proposal may result in the award... is used, the NASA Grant and Cooperative Agreement Handbook (NPR 5800.1) applies. (2) Renewal...

Identity management and privacy languages technologies: Improving user control of data privacy

NASA Astrophysics Data System (ADS)

García, José Enrique López; García, Carlos Alberto Gil; Pacheco, Álvaro Armenteros; Organero, Pedro Luis Muñoz

The identity management solutions have the capability to bring confidence to internet services, but this confidence could be improved if user has more control over the privacy policy of its attributes. Privacy languages could help to this task due to its capability to define privacy policies for data in a very flexible way. So, an integration problem arises: making work together both identity management and privacy languages. Despite several proposals for accomplishing this have already been defined, this paper suggests some topics and improvements that could be considered.

Are personal health records safe? A review of free web-accessible personal health record privacy policies.

PubMed

Carrión Señor, Inmaculada; Fernández-Alemán, José Luis; Toval, Ambrosio

2012-08-23

Several obstacles prevent the adoption and use of personal health record (PHR) systems, including users' concerns regarding the privacy and security of their personal health information. To analyze the privacy and security characteristics of PHR privacy policies. It is hoped that identification of the strengths and weaknesses of the PHR systems will be useful for PHR users, health care professionals, decision makers, and designers. We conducted a systematic review using the principal databases related to health and computer science to discover the Web-based and free PHR systems mentioned in published articles. The privacy policy of each PHR system selected was reviewed to extract its main privacy and security characteristics. The search of databases and the myPHR website provided a total of 52 PHR systems, of which 24 met our inclusion criteria. Of these, 17 (71%) allowed users to manage their data and to control access to their health care information. Only 9 (38%) PHR systems permitted users to check who had accessed their data. The majority of PHR systems used information related to the users' accesses to monitor and analyze system use, 12 (50%) of them aggregated user information to publish trends, and 20 (83%) used diverse types of security measures. Finally, 15 (63%) PHR systems were based on regulations or principles such as the US Health Insurance Portability and Accountability Act (HIPAA) and the Health on the Net Foundation Code of Conduct (HONcode). Most privacy policies of PHR systems do not provide an in-depth description of the security measures that they use. Moreover, compliance with standards and regulations in PHR systems is still low.

Are Personal Health Records Safe? A Review of Free Web-Accessible Personal Health Record Privacy Policies

PubMed Central

Fernández-Alemán, José Luis; Toval, Ambrosio

2012-01-01

Background Several obstacles prevent the adoption and use of personal health record (PHR) systems, including users’ concerns regarding the privacy and security of their personal health information. Objective To analyze the privacy and security characteristics of PHR privacy policies. It is hoped that identification of the strengths and weaknesses of the PHR systems will be useful for PHR users, health care professionals, decision makers, and designers. Methods We conducted a systematic review using the principal databases related to health and computer science to discover the Web-based and free PHR systems mentioned in published articles. The privacy policy of each PHR system selected was reviewed to extract its main privacy and security characteristics. Results The search of databases and the myPHR website provided a total of 52 PHR systems, of which 24 met our inclusion criteria. Of these, 17 (71%) allowed users to manage their data and to control access to their health care information. Only 9 (38%) PHR systems permitted users to check who had accessed their data. The majority of PHR systems used information related to the users’ accesses to monitor and analyze system use, 12 (50%) of them aggregated user information to publish trends, and 20 (83%) used diverse types of security measures. Finally, 15 (63%) PHR systems were based on regulations or principles such as the US Health Insurance Portability and Accountability Act (HIPAA) and the Health on the Net Foundation Code of Conduct (HONcode). Conclusions Most privacy policies of PHR systems do not provide an in-depth description of the security measures that they use. Moreover, compliance with standards and regulations in PHR systems is still low. PMID:22917868

Development of a privacy and security policy framework for a multistate comparative effectiveness research network.

PubMed

Kim, Katherine K; McGraw, Deven; Mamo, Laura; Ohno-Machado, Lucila

2013-08-01

Comparative effectiveness research (CER) conducted in distributed research networks (DRNs) is subject to different state laws and regulations as well as institution-specific policies intended to protect privacy and security of health information. The goal of the Scalable National Network for Effectiveness Research (SCANNER) project is to develop and demonstrate a scalable, flexible technical infrastructure for DRNs that enables near real-time CER consistent with privacy and security laws and best practices. This investigation began with an analysis of privacy and security laws and state health information exchange (HIE) guidelines applicable to SCANNER participants from California, Illinois, Massachusetts, and the Federal Veteran's Administration. A 7-member expert panel of policy and technical experts reviewed the analysis and gave input into the framework during 5 meetings held in 2011-2012. The state/federal guidelines were applied to 3 CER use cases: safety of new oral hematologic medications; medication therapy management for patients with diabetes and hypertension; and informational interventions for providers in the treatment of acute respiratory infections. The policy framework provides flexibility, beginning with a use-case approach rather than a one-size-fits-all approach. The policies may vary depending on the type of patient data shared (aggregate counts, deidentified, limited, and fully identified datasets) and the flow of data. The types of agreements necessary for a DRN may include a network-level and data use agreements. The need for flexibility in the development and implementation of policies must be balanced with responsibilities of data stewardship.

Medical policy development for human spaceflight at NASA: an evolution.

PubMed

Doarn, Charles R

2011-11-01

Codification of medical policy for the National Aeronautics and Space Administration (NASA) did not occur until 1977. Policy development was based on NASA's human spaceflight efforts from 1958, and the need to support the operational aspects of the upcoming Space Shuttle Program as well as other future activities. In 1958, the Space Task Group (STG), a part of the National Advisory Committee on Aeronautics (NACA), became the focal point for astronaut selection, medical support, and instrumentation development in support of Project Mercury. NACA transitioned into NASA in 1958. The STG moved to Houston, TX, in 1961 and became the Manned Spacecraft Center. During these early years, medical support for astronaut selection and healthcare was provided through arrangements with the U.S. military, specifically the United States Air Force, which had the largest group of subject matter experts in aerospace medicine. Through most of the 1960s, the military worked very closely with NASA in developing the foundations of bioastronautics and space medicine. This work was complemented by select individuals from outside the government. From 1958 to 1977, there was no standard approach to medical policy formulation within NASA. During this time, it was individualized and subjected to political pressures. This manuscript documents the evolution of medical policy in the NASA, and provides a historical account of the individuals, processes, and needs to develop policy.

Privacy and health in the information age: a content analysis of health web site privacy policy statements.

PubMed

Rains, Stephen A; Bosch, Leslie A

2009-07-01

This article reports a content analysis of the privacy policy statements (PPSs) from 97 general reference health Web sites that was conducted to examine the ways in which visitors' privacy is constructed by health organizations. PPSs are formal documents created by the Web site owner to describe how information regarding site visitors and their behavior is collected and used. The results show that over 80% of the PPSs in the sample indicated automatically collecting or requesting that visitors voluntarily provide information about themselves, and only 3% met all five of the Federal Trade Commission's Fair Information Practices guidelines. Additionally, the results suggest that the manner in which PPSs are framed and the use of justifications for collecting information are tropes used by health organizations to foster a secondary exchange of visitors' personal information for access to Web site content.

Developing a NASA Lead-Free Policy for Electronics - Lessons Learned

NASA Technical Reports Server (NTRS)

Sampson, Michael J.

2008-01-01

The National Aeronautics and Space Administration (NASA) is not required by United States or international law to use lead-free (Pb-free) electronic systems but international pressure in the world market is making it increasingly important that NASA have a Pb-free policy. In fact, given the international nature of the electronics market, all organizations need a Pb-free policy. This paper describes the factors which must be taken into account in formulating the policy, the tools to aid in structuring the policy and the unanticipated and difficult challenges encountered. NASA is participating in a number of forums and teams trying to develop effective approaches to controlling Pb-free adoption in high reliability systems. The activities and status of the work being done by these teams will be described. NASA also continues to gather information on metal whiskers, particularly tin based, and some recent examples will be shared. The current lack of a policy is resulting in "surprises" and the need to disposition undesirable conditions on a case-by-case basis. This is inefficient, costly and can result in sub-optimum outcomes.

48 CFR 1832.202-1 - Policy. (NASA supplements paragraph (b))

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Policy. (NASA supplements paragraph (b)) 1832.202-1 Section 1832.202-1 Federal Acquisition Regulations System NATIONAL AERONAUTICS AND... Financing 1832.202-1 Policy. (NASA supplements paragraph (b)) (b)(6) Advance payment limitations do not...

48 CFR 1832.202-1 - Policy. (NASA supplements paragraph (b))

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 6 2013-10-01 2013-10-01 false Policy. (NASA supplements paragraph (b)) 1832.202-1 Section 1832.202-1 Federal Acquisition Regulations System NATIONAL AERONAUTICS AND... Financing 1832.202-1 Policy. (NASA supplements paragraph (b)) (b)(6) Advance payment limitations do not...

48 CFR 1832.202-1 - Policy. (NASA supplements paragraph (b))

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 6 2014-10-01 2014-10-01 false Policy. (NASA supplements paragraph (b)) 1832.202-1 Section 1832.202-1 Federal Acquisition Regulations System NATIONAL AERONAUTICS AND... Financing 1832.202-1 Policy. (NASA supplements paragraph (b)) (b)(6) Advance payment limitations do not...

48 CFR 1832.202-1 - Policy. (NASA supplements paragraph (b))

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 6 2012-10-01 2012-10-01 false Policy. (NASA supplements paragraph (b)) 1832.202-1 Section 1832.202-1 Federal Acquisition Regulations System NATIONAL AERONAUTICS AND... Financing 1832.202-1 Policy. (NASA supplements paragraph (b)) (b)(6) Advance payment limitations do not...

48 CFR 1832.202-1 - Policy. (NASA supplements paragraph (b))

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 6 2011-10-01 2011-10-01 false Policy. (NASA supplements paragraph (b)) 1832.202-1 Section 1832.202-1 Federal Acquisition Regulations System NATIONAL AERONAUTICS AND... Financing 1832.202-1 Policy. (NASA supplements paragraph (b)) (b)(6) Advance payment limitations do not...

Fixing Broken Doors: Strategies for Drafting Privacy Policies Young People Can Understand

ERIC Educational Resources Information Center

Micheti, Anca; Burkell, Jacquelyn; Steeves, Valerie

2010-01-01

The goal of this project is to identify guidelines for privacy policies that children and teens can accurately interpret with relative ease. A three-pronged strategy was used to achieve this goal. First, an analysis of the relevant literature on reading was undertaken to identify the document features that affect comprehension. Second, focus…

A Model Privacy Statement for Ohio Library Web Sites.

ERIC Educational Resources Information Center

Monaco, Michael J.

The purpose of this research was to develop a model privacy policy statement for library World Wide Web sites. First, standards of privacy protection were identified. These standards were culled from the privacy and confidentiality policies of the American Library Association, the Federal Trade Commission's online privacy reports, the guidelines…

EGRP Privacy Policy & Disclaimers

Cancer.gov

The Epidemiology and Genomics Research Program complies with requirements for privacy and security established by the Office of Management and Budget, Department of Health and Human Services, the National Institutes of Health, and the National Cancer Institute.

A multimethod approach to examining usability of Web privacy polices and user agents for specifying privacy preferences.

PubMed

Proctor, Robert W; Vu, Kim-Phuong L

2007-05-01

Because all research methods have strengths and weaknesses, a multimethod approach often provides the best way to understand human behavior in applied settings. We describe how a multimethod approach was employed in a series of studies designed to examine usability issues associated with two aspects of online privacy: comprehension of privacy policies and configuration of privacy preferences for an online user agent. Archival research, user surveys, data mining, quantitative observations, and controlled experiments each yielded unique findings that, together, contributed to increased understanding of online-privacy issues for users. These findings were used to evaluate the accessibility of Web privacy policies to computer-literate users, determine whether people can configure user agents to achieve specific privacy goals, and discover ways in which the usability of those agents can be improved.

Autonomy and Privacy in Clinical Laboratory Science Policy and Practice.

PubMed

Leibach, Elizabeth Kenimer

2014-01-01

Rapid advancements in diagnostic technologies coupled with growth in testing options and choices mandate the development of evidence-based testing algorithms linked to the care paths of the major chronic diseases and health challenges encountered most frequently. As care paths are evaluated, patient/consumers become partners in healthcare delivery. Clinical laboratory scientists find themselves firmly embedded in both quality improvement and clinical research with an urgent need to translate clinical laboratory information into knowledge required by practitioners and patient/consumers alike. To implement this patient-centered care approach in clinical laboratory science, practitioners must understand their roles in (1) protecting patient/consumer autonomy in the healthcare informed consent process and (2) assuring patient/consumer privacy and confidentiality while blending quality improvement study findings with protected health information. A literature review, describing the current ethical environment, supports a consultative role for clinical laboratory scientists in the clinical decision-making process and suggests guidance for policy and practice regarding the principle of autonomy and its associated operational characteristics: informed consent and privacy.

Temporal Mode-Checking for Runtime Monitoring of Privacy Policies

DTIC Science & Technology

2014-05-28

is a natural number. For any arbitrary i, j ∈ N with i > j , τi > τj (monotonicity). The environment η maps free variables to values in D. Given an...and for all j , where j ∈ N and k < j ≤ i, it implies that L, τ, j , η |= ϕ1 holds. • L, τ, i, η |=Iϕ iff there exists k ≥ i, where k ∈ N, such that (τk...and for all j , where j ∈ N and i ≤ j < k, it implies that L, τ, j , η |= ϕ1 holds. 3 Example policy. The following GMP formula represents a privacy

Achieving Privacy in a Federated Identity Management System

NASA Astrophysics Data System (ADS)

Landau, Susan; Le van Gong, Hubert; Wilton, Robin

Federated identity management allows a user to efficiently authenticate and use identity information from data distributed across multiple domains. The sharing of data across domains blurs security boundaries and potentially creates privacy risks. We examine privacy risks and fundamental privacy protections of federated identity- management systems. The protections include minimal disclosure and providing PII only on a “need-to-know” basis. We then look at the Liberty Alliance system and analyze previous privacy critiques of that system. We show how law and policy provide privacy protections in federated identity-management systems, and that privacy threats are best handled using a combination of technology and law/policy tools.

Security measures required for HIPAA privacy.

PubMed

Amatayakul, M

2000-01-01

HIPAA security requirements include administrative, physical, and technical services and mechanisms to safeguard confidentiality, availability, and integrity of health information. Security measures, however, must be implemented in the context of an organization's privacy policies. Because HIPAA's proposed privacy rules are flexible and scalable to account for the nature of each organization's business, size, and resources, each organization will be determining its own privacy policies within the context of the HIPAA requirements and its security capabilities. Security measures cannot be implemented in a vacuum.

Privacy-related context information for ubiquitous health.

PubMed

Seppälä, Antto; Nykänen, Pirkko; Ruotsalainen, Pekka

2014-03-11

Ubiquitous health has been defined as a dynamic network of interconnected systems. A system is composed of one or more information systems, their stakeholders, and the environment. These systems offer health services to individuals and thus implement ubiquitous computing. Privacy is the key challenge for ubiquitous health because of autonomous processing, rich contextual metadata, lack of predefined trust among participants, and the business objectives. Additionally, regulations and policies of stakeholders may be unknown to the individual. Context-sensitive privacy policies are needed to regulate information processing. Our goal was to analyze privacy-related context information and to define the corresponding components and their properties that support privacy management in ubiquitous health. These properties should describe the privacy issues of information processing. With components and their properties, individuals can define context-aware privacy policies and set their privacy preferences that can change in different information-processing situations. Scenarios and user stories are used to analyze typical activities in ubiquitous health to identify main actors, goals, tasks, and stakeholders. Context arises from an activity and, therefore, we can determine different situations, services, and systems to identify properties for privacy-related context information in information-processing situations. Privacy-related context information components are situation, environment, individual, information technology system, service, and stakeholder. Combining our analyses and previously identified characteristics of ubiquitous health, more detailed properties for the components are defined. Properties define explicitly what context information for different components is needed to create context-aware privacy policies that can control, limit, and constrain information processing. With properties, we can define, for example, how data can be processed or how components

Privacy Policy | DoDLive

Science.gov Websites

Assistant Secretary of Defense-Public Affairs. Information presented on this website is considered public information and may be distributed or copied unless otherwise specified. Use of appropriate byline/photo/image credits is requested. Privacy Act Statement - If you choose to provide us with personal information - like

International Policies on Sharing Genomic Research Results with Relatives: Approaches to Balancing Privacy with Access

PubMed Central

Branum, Rebecca; Wolf, Susan M.

2015-01-01

Returning genetic research results to raises complex issues. In order to inform the U.S. debate, this paper analyzes international law and policies governing the sharing of genetic research results with relatives and identifies key themes and lessons. The laws and policies from other countries demonstrate a range of approaches to balancing individual privacy and autonomy with family access for health benefit, offering important lessons for further development of approaches in the United States. PMID:26479568

Technology, Privacy, and Electronic Freedom of Speech.

ERIC Educational Resources Information Center

McDonald, Frances M.

1986-01-01

Explores five issues related to technology's impact on privacy and access to information--regulation and licensing of the press, electronic surveillance, invasion of privacy, copyright, and policy-making and regulation. The importance of First Amendment rights and civil liberties in forming a coherent national information policy is stressed.…

The Privacy Jungle:On the Market for Data Protection in Social Networks

NASA Astrophysics Data System (ADS)

Bonneau, Joseph; Preibusch, Sören

We have conducted the first thorough analysis of the market for privacy practices and policies in online social networks. From an evaluation of 45 social networking sites using 260 criteria we find that many popular assumptions regarding privacy and social networking need to be revisited when considering the entire ecosystem instead of only a handful of well-known sites. Contrary to the common perception of an oligopolistic market, we find evidence of vigorous competition for new users. Despite observing many poor security practices, there is evidence that social network providers are making efforts to implement privacy enhancing technologies with substantial diversity in the amount of privacy control offered. However, privacy is rarely used as a selling point, even then only as auxiliary, nondecisive feature. Sites also failed to promote their existing privacy controls within the site. We similarly found great diversity in the length and content of formal privacy policies, but found an opposite promotional trend: though almost all policies are not accessible to ordinary users due to obfuscating legal jargon, they conspicuously vaunt the sites' privacy practices. We conclude that the market for privacy in social networks is dysfunctional in that there is significant variation in sites' privacy controls, data collection requirements, and legal privacy policies, but this is not effectively conveyed to users. Our empirical findings motivate us to introduce the novel model of a privacy communication game, where the economically rational choice for a site operator is to make privacy control available to evade criticism from privacy fundamentalists, while hiding the privacy control interface and privacy policy to maximize sign-up numbers and encourage data sharing from the pragmatic majority of users.

Privacy-Related Context Information for Ubiquitous Health

PubMed Central

Nykänen, Pirkko; Ruotsalainen, Pekka

2014-01-01

Background Ubiquitous health has been defined as a dynamic network of interconnected systems. A system is composed of one or more information systems, their stakeholders, and the environment. These systems offer health services to individuals and thus implement ubiquitous computing. Privacy is the key challenge for ubiquitous health because of autonomous processing, rich contextual metadata, lack of predefined trust among participants, and the business objectives. Additionally, regulations and policies of stakeholders may be unknown to the individual. Context-sensitive privacy policies are needed to regulate information processing. Objective Our goal was to analyze privacy-related context information and to define the corresponding components and their properties that support privacy management in ubiquitous health. These properties should describe the privacy issues of information processing. With components and their properties, individuals can define context-aware privacy policies and set their privacy preferences that can change in different information-processing situations. Methods Scenarios and user stories are used to analyze typical activities in ubiquitous health to identify main actors, goals, tasks, and stakeholders. Context arises from an activity and, therefore, we can determine different situations, services, and systems to identify properties for privacy-related context information in information-processing situations. Results Privacy-related context information components are situation, environment, individual, information technology system, service, and stakeholder. Combining our analyses and previously identified characteristics of ubiquitous health, more detailed properties for the components are defined. Properties define explicitly what context information for different components is needed to create context-aware privacy policies that can control, limit, and constrain information processing. With properties, we can define, for example, how

14 CFR 1212.700 - NASA employees.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 14 Aeronautics and Space 5 2013-01-01 2013-01-01 false NASA employees. 1212.700 Section 1212.700 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS NASA Authority and Responsibilities § 1212.700 NASA employees. (a) Each NASA employee is responsible for adhering...

14 CFR 1212.700 - NASA employees.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true NASA employees. 1212.700 Section 1212.700 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS NASA Authority and Responsibilities § 1212.700 NASA employees. (a) Each NASA employee is responsible for adhering...

14 CFR 1212.700 - NASA employees.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false NASA employees. 1212.700 Section 1212.700 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS NASA Authority and Responsibilities § 1212.700 NASA employees. (a) Each NASA employee is responsible for adhering...

14 CFR 1212.700 - NASA employees.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 14 Aeronautics and Space 5 2012-01-01 2012-01-01 false NASA employees. 1212.700 Section 1212.700 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS NASA Authority and Responsibilities § 1212.700 NASA employees. (a) Each NASA employee is responsible for adhering...

International Policies on Sharing Genomic Research Results with Relatives: Approaches to Balancing Privacy with Access.

PubMed

Branum, Rebecca; Wolf, Susan M

2015-01-01

Returning genetic research results to relatives raises complex issues. In order to inform the U.S. debate, this paper analyzes international law and policies governing the sharing of genetic research results with relatives and identifies key themes and lessons. The laws and policies from other countries demonstrate a range of approaches to balancing individual privacy and autonomy with family access for health benefit, offering important lessons for further development of approaches in the United States. © 2015 American Society of Law, Medicine & Ethics, Inc.

Digital Privacy: Toward a New Politics and Discursive Practice.

ERIC Educational Resources Information Center

Doty, Philip

2001-01-01

Discussion of privacy focuses on digital environments and a more inclusive understanding of privacy. Highlights include legal and policy conceptions; legislation protecting privacy; relevant Supreme Court cases; torts and privacy; European and other efforts; surveillance and social control; information entrepreneurialism; Jurgen Habermas; free…

12 CFR 332.2 - Model privacy form and examples.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 12 Banks and Banking 5 2012-01-01 2012-01-01 false Model privacy form and examples. 332.2 Section... POLICY PRIVACY OF CONSUMER FINANCIAL INFORMATION § 332.2 Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in appendix A of this part, consistent with the instructions...

12 CFR 332.2 - Model privacy form and examples.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 12 Banks and Banking 5 2014-01-01 2014-01-01 false Model privacy form and examples. 332.2 Section... POLICY PRIVACY OF CONSUMER FINANCIAL INFORMATION § 332.2 Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in appendix A of this part, consistent with the instructions...

12 CFR 332.2 - Model privacy form and examples.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 12 Banks and Banking 4 2011-01-01 2011-01-01 false Model privacy form and examples. 332.2 Section... POLICY PRIVACY OF CONSUMER FINANCIAL INFORMATION § 332.2 Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in Appendix A of this part, consistent with the instructions...

12 CFR 332.2 - Model privacy form and examples.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 12 Banks and Banking 5 2013-01-01 2013-01-01 false Model privacy form and examples. 332.2 Section... POLICY PRIVACY OF CONSUMER FINANCIAL INFORMATION § 332.2 Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in appendix A of this part, consistent with the instructions...

12 CFR 332.2 - Model privacy form and examples.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 12 Banks and Banking 4 2010-01-01 2010-01-01 false Model privacy form and examples. 332.2 Section... POLICY PRIVACY OF CONSUMER FINANCIAL INFORMATION § 332.2 Model privacy form and examples. (a) Model privacy form. Use of the model privacy form in Appendix A of this part, consistent with the instructions...

76 FR 78050 - Privacy Act of 1974; Privacy Act System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-15

...: Personnel Security Records, Personal Identity Records including NASA visitor files, Emergency Data Records... in the public interest and which would not constitute an unwarranted invasion of personal privacy..., personal injuries, or the loss or damage of property: (a) Individuals involved in such incidents; (b...

16 CFR 313.4 - Initial privacy notice to consumers required.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 16 Commercial Practices 1 2014-01-01 2014-01-01 false Initial privacy notice to consumers required... CONGRESS PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 313.4 Initial privacy... notice that accurately reflects your privacy policies and practices to: (1) Customer. An individual who...

16 CFR 313.5 - Annual privacy notice to customers required.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 16 Commercial Practices 1 2011-01-01 2011-01-01 false Annual privacy notice to customers required... CONGRESS PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 313.5 Annual privacy... customers that accurately reflects your privacy policies and practices not less than annually during the...

16 CFR 313.5 - Annual privacy notice to customers required.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 16 Commercial Practices 1 2012-01-01 2012-01-01 false Annual privacy notice to customers required... CONGRESS PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 313.5 Annual privacy... customers that accurately reflects your privacy policies and practices not less than annually during the...

17 CFR 160.4 - Initial privacy notice to consumers required.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Initial privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.4 Initial privacy... notice that accurately reflects your privacy policies and practices to: (1) Customer. An individual who...

17 CFR 160.5 - Annual privacy notice to customers required.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Annual privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.5 Annual privacy... customers that accurately reflects your privacy policies and practices not less than annually during the...

16 CFR 313.5 - Annual privacy notice to customers required.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 16 Commercial Practices 1 2014-01-01 2014-01-01 false Annual privacy notice to customers required... CONGRESS PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 313.5 Annual privacy... customers that accurately reflects your privacy policies and practices not less than annually during the...

16 CFR 313.4 - Initial privacy notice to consumers required.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 16 Commercial Practices 1 2011-01-01 2011-01-01 false Initial privacy notice to consumers required... CONGRESS PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 313.4 Initial privacy... notice that accurately reflects your privacy policies and practices to: (1) Customer. An individual who...

16 CFR 313.4 - Initial privacy notice to consumers required.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 16 Commercial Practices 1 2012-01-01 2012-01-01 false Initial privacy notice to consumers required... CONGRESS PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 313.4 Initial privacy... notice that accurately reflects your privacy policies and practices to: (1) Customer. An individual who...

Evaluating Common Privacy Vulnerabilities in Internet Service Providers

NASA Astrophysics Data System (ADS)

Kotzanikolaou, Panayiotis; Maniatis, Sotirios; Nikolouzou, Eugenia; Stathopoulos, Vassilios

Privacy in electronic communications receives increased attention in both research and industry forums, stemming from both the users' needs and from legal and regulatory requirements in national or international context. Privacy in internet-based communications heavily relies on the level of security of the Internet Service Providers (ISPs), as well as on the security awareness of the end users. This paper discusses the role of the ISP in the privacy of the communications. Based on real security audits performed in national-wide ISPs, we illustrate privacy-specific threats and vulnerabilities that many providers fail to address when implementing their security policies. We subsequently provide and discuss specific security measures that the ISPs can implement, in order to fine-tune their security policies in the context of privacy protection.

76 FR 64114 - Privacy Act of 1974; Privacy Act System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-10-17

....C. 2473 (2003); Federal Records Act, 44 U.S.C. 3101 (2003); Chief Financial Officers Act of 1990 205.... ADDRESSES: Patti F. Stockman, Privacy Act Officer, Office of the Chief Information Officer, National... Information Officer. NASA 10CFMR SYSTEM NAME: Core Financial Management Records. SECURITY CLASSIFICATION: This...

77 FR 69898 - Privacy Act of 1974; Privacy Act System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-21

... System of Records AGENCY: National Aeronautics and Space Administration (NASA). ACTION: Notice of proposed revisions to an existing Privacy Act system of records. SUMMARY: Pursuant to the provisions of the... notice of its intention to revise a previously noticed system of records Earth Observing System Data and...

14 CFR § 1212.700 - NASA employees.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 14 Aeronautics and Space 5 2014-01-01 2014-01-01 false NASA employees. § 1212.700 Section § 1212.700 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS NASA Authority and Responsibilities § 1212.700 NASA employees. (a) Each NASA employee is responsible...

12 CFR 716.5 - Annual privacy notice to members required.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Annual privacy notice to members required. 716... UNIONS PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 716.5 Annual privacy... members that accurately reflects your privacy policies and practices not less than annually during the...

Altered states: state health privacy laws and the impact of the Federal Health Privacy Rule.

PubMed

Pritts, Joy L

2002-01-01

Although the Federal Health Privacy Rule has evened out some of the inconsistencies between states' health privacy laws, gaps in protection still remain. Furthermore, the Federal Rule contains some lax standards for the disclosure of health information. State laws can play a vital role in filling these gaps and strengthening the protections afforded health information. By enacting legislation that has higher privacy-protective standards than the Federal Health Privacy Rule, states can play three important roles. First, because they can directly regulate entities that are beyond HHS's mandate, states can afford their citizens a broader degree of privacy protection than the Federal Health Privacy Rule. Second, by having state health privacy laws, states can enforce privacy protections at the local level. Finally, action by the states can positively influence health privacy policies at the federal level by raising the standard as to what constitutes sufficient privacy protection. High privacy protections imposed by states may serve as the standard for comprehensive federal legislation, if and when Congress reconsiders the issue. So far, states' reactions to the Federal Privacy Rule have been mixed. Only time will tell whether states will assume the mantle of leadership on health privacy or relinquish their role as the primary protectors of health information.

Policies and Procedures for Accessing Archived NASA Data via the Web

NASA Technical Reports Server (NTRS)

James, Nathan

2011-01-01

The National Space Science Data Center (NSSDC) was established by NASA to provide for the preservation and dissemination of scientific data from NASA missions. This white paper will address the NSSDC policies that govern data preservation and dissemination and the various methods of accessing NSSDC-archived data via the web.

Regulation, Privacy and Security: Chairman's Opening Remarks

PubMed Central

Gabrieli, E.R.

1979-01-01

Medical privacy is a keystone of a free democratic society. To conserve the right of the patient to medical privacy, computerization of the medical data must be regulated. This paper enumerates some steps to be taken urgently for the protection of computerized sensitive medical data. A computer-oriented medical lexicon is urgently needed for accurate coding. Health industry standards should be drafted. The goals of various data centers must be sharply defined to avoid conflicts of interest. Medical privacy should be studied further, and medical data centers should consider cost-effectiveness. State boards for medical privacy should be created to monitor data security procedures. There is a need for purposeful decentralization. A national medical information policy should be drafted, and a national clinical information board should implement the nation's medical information policy.

12 CFR 332.9 - Delivering privacy and opt out notices.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 12 Banks and Banking 5 2013-01-01 2013-01-01 false Delivering privacy and opt out notices. 332.9... GENERAL POLICY PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 332.9 Delivering privacy and opt out notices. (a) How to provide notices. You must provide any privacy notices and opt out...

Privacy and Biobanking in China: A Case of Policy in Transition.

PubMed

Chen, Haidan; Chan, Benny; Joly, Yann

2015-01-01

Disease-based biobanks have operated in hospitals and research institutes in China for decades, and China has recently embarked on a plan to establish further biobank networks with the aim of promoting data sharing among the existing biobanks. Although the Chinese Constitution has only recently begun to recognize individual privacy as a distinct and independent constitutional right, biobanking in China has been loosely regulated under a patchwork of sometimes overlapping laws (such as the Interim Measures for the Administration of Human Genetic Resources) and regulatory instruments, as well as and the policies of individual biobanks and networks of biobanks (such as the Shanghai Biobank Network Guidelines). A Draft Ordinance on Human Genetics Resources is currently being developed that will deal in more detail than previous laws with issues such as management measures, legal liability, and punishment for violations. International data sharing will be tightly regulated under this new law, and individual biobanks' policies such as the Shanghai Guidelines may choose to regulate such sharing even more. In contrast with national regulatory instruments, the Shanghai Guidelines also contain detailed de-identification policies, and explicitly endorse broad consent. © 2015 American Society of Law, Medicine & Ethics, Inc.

14 CFR 1212.200 - Determining existence of records subject to the Privacy Act.

Code of Federal Regulations, 2010 CFR

2010-01-01

... requests under the Privacy Act made by individuals concerning records about themselves: (a) To determine if... the Privacy Act. 1212.200 Section 1212.200 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Access to Records § 1212.200 Determining existence of records subject...

14 CFR 1212.703 - NASA Chief Information Officer.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 14 Aeronautics and Space 5 2013-01-01 2013-01-01 false NASA Chief Information Officer. 1212.703 Section 1212.703 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS NASA Authority and Responsibilities § 1212.703 NASA Chief Information Officer. (a) The NASA Chief...

Users or Students? Privacy in University MOOCS.

PubMed

Jones, Meg Leta; Regner, Lucas

2016-10-01

Two terms, student privacy and Massive Open Online Courses, have received a significant amount of attention recently. Both represent interesting sites of change in entrenched structures, one educational and one legal. MOOCs represent something college courses have never been able to provide: universal access. Universities not wanting to miss the MOOC wave have started to build MOOC courses and integrate them into the university system in various ways. However, the design and scale of university MOOCs create tension for privacy laws intended to regulate information practices exercised by educational institutions. Are MOOCs part of the educational institutions these laws and policies aim to regulate? Are MOOC users students whose data are protected by aforementioned laws and policies? Many university researchers and faculty members are asked to participate as designers and instructors in MOOCs but may not know how to approach the issues proposed. While recent scholarship has addressed the disruptive nature of MOOCs, student privacy generally, and data privacy in the K-12 system, we provide an in-depth description and analysis of the MOOC phenomenon and the privacy laws and policies that guide and regulate educational institutions today. We offer privacy case studies of three major MOOC providers active in the market today to reveal inconsistencies among MOOC platform and the level and type of legal uncertainty surrounding them. Finally, we provide a list of organizational questions to pose internally to navigate the uncertainty presented to university MOOC teams.

Privacy Management and Networked PPD Systems - Challenges Solutions.

PubMed

Ruotsalainen, Pekka; Pharow, Peter; Petersen, Francoise

2015-01-01

Modern personal portable health devices (PPDs) become increasingly part of a larger, inhomogeneous information system. Information collected by sensors are stored and processed in global clouds. Services are often free of charge, but at the same time service providers' business model is based on the disclosure of users' intimate health information. Health data processed in PPD networks is not regulated by health care specific legislation. In PPD networks, there is no guarantee that stakeholders share same ethical principles with the user. Often service providers have own security and privacy policies and they rarely offer to the user possibilities to define own, or adapt existing privacy policies. This all raises huge ethical and privacy concerns. In this paper, the authors have analyzed privacy challenges in PPD networks from users' viewpoint using system modeling method and propose the principle "Personal Health Data under Personal Control" must generally be accepted at global level. Among possible implementation of this principle, the authors propose encryption, computer understandable privacy policies, and privacy labels or trust based privacy management methods. The latter can be realized using infrastructural trust calculation and monitoring service. A first step is to require the protection of personal health information and the principle proposed being internationally mandatory. This requires both regulatory and standardization activities, and the availability of open and certified software application which all service providers can implement. One of those applications should be the independent Trust verifier.

12 CFR 332.6 - Information to be included in privacy notices.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 12 Banks and Banking 5 2013-01-01 2013-01-01 false Information to be included in privacy notices... OF GENERAL POLICY PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 332.6 Information to be included in privacy notices. (a) General rule. The initial, annual and revised privacy...

75 FR 21226 - Information Privacy and Innovation in the Internet Economy

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-23

...The Department of Commerce's Internet Policy Task Force is conducting a comprehensive review of the nexus between privacy policy and innovation in the Internet economy. The Department seeks public comment from all Internet stakeholders, including the commercial, academic and civil society sectors, on the impact of current privacy laws in the United States and around the world on the pace of innovation in the information economy. The Department also seeks to understand whether current privacy laws serve consumer interests and fundamental democratic values. After analyzing the comments responding to this Notice, the Department intends to issue a report, which will contribute to the Administration's domestic policy and international engagement in the area of Internet privacy.

12 CFR 332.5 - Annual privacy notice to customers required.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 12 Banks and Banking 5 2013-01-01 2013-01-01 false Annual privacy notice to customers required... OF GENERAL POLICY PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 332.5 Annual privacy notice to customers required. (a)(1) General rule. You must provide a clear and...

12 CFR 332.4 - Initial privacy notice to consumers required.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 12 Banks and Banking 5 2013-01-01 2013-01-01 false Initial privacy notice to consumers required... OF GENERAL POLICY PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 332.4 Initial privacy notice to consumers required. (a) Initial notice requirement. You must provide a clear and...

32 CFR 323.3 - Policy.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 32 National Defense 2 2013-07-01 2013-07-01 false Policy. 323.3 Section 323.3 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM DEFENSE LOGISTICS AGENCY PRIVACY PROGRAM § 323.3 Policy. DLA adopts and supplements the DoD Privacy Program policy...

32 CFR 323.3 - Policy.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 32 National Defense 2 2014-07-01 2014-07-01 false Policy. 323.3 Section 323.3 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM DEFENSE LOGISTICS AGENCY PRIVACY PROGRAM § 323.3 Policy. DLA adopts and supplements the DoD Privacy Program policy...

Trust information-based privacy architecture for ubiquitous health.

PubMed

Ruotsalainen, Pekka Sakari; Blobel, Bernd; Seppälä, Antto; Nykänen, Pirkko

2013-10-08

Ubiquitous health is defined as a dynamic network of interconnected systems that offers health services independent of time and location to a data subject (DS). The network takes place in open and unsecure information space. It is created and managed by the DS who sets rules that regulate the way personal health information is collected and used. Compared to health care, it is impossible in ubiquitous health to assume the existence of a priori trust between the DS and service providers and to produce privacy using static security services. In ubiquitous health features, business goals and regulations systems followed often remain unknown. Furthermore, health care-specific regulations do not rule the ways health data is processed and shared. To be successful, ubiquitous health requires novel privacy architecture. The goal of this study was to develop a privacy management architecture that helps the DS to create and dynamically manage the network and to maintain information privacy. The architecture should enable the DS to dynamically define service and system-specific rules that regulate the way subject data is processed. The architecture should provide to the DS reliable trust information about systems and assist in the formulation of privacy policies. Furthermore, the architecture should give feedback upon how systems follow the policies of DS and offer protection against privacy and trust threats existing in ubiquitous environments. A sequential method that combines methodologies used in system theory, systems engineering, requirement analysis, and system design was used in the study. In the first phase, principles, trust and privacy models, and viewpoints were selected. Thereafter, functional requirements and services were developed on the basis of a careful analysis of existing research published in journals and conference proceedings. Based on principles, models, and requirements, architectural components and their interconnections were developed using system

Trust Information-Based Privacy Architecture for Ubiquitous Health

PubMed Central

2013-01-01

Background Ubiquitous health is defined as a dynamic network of interconnected systems that offers health services independent of time and location to a data subject (DS). The network takes place in open and unsecure information space. It is created and managed by the DS who sets rules that regulate the way personal health information is collected and used. Compared to health care, it is impossible in ubiquitous health to assume the existence of a priori trust between the DS and service providers and to produce privacy using static security services. In ubiquitous health features, business goals and regulations systems followed often remain unknown. Furthermore, health care-specific regulations do not rule the ways health data is processed and shared. To be successful, ubiquitous health requires novel privacy architecture. Objective The goal of this study was to develop a privacy management architecture that helps the DS to create and dynamically manage the network and to maintain information privacy. The architecture should enable the DS to dynamically define service and system-specific rules that regulate the way subject data is processed. The architecture should provide to the DS reliable trust information about systems and assist in the formulation of privacy policies. Furthermore, the architecture should give feedback upon how systems follow the policies of DS and offer protection against privacy and trust threats existing in ubiquitous environments. Methods A sequential method that combines methodologies used in system theory, systems engineering, requirement analysis, and system design was used in the study. In the first phase, principles, trust and privacy models, and viewpoints were selected. Thereafter, functional requirements and services were developed on the basis of a careful analysis of existing research published in journals and conference proceedings. Based on principles, models, and requirements, architectural components and their interconnections

The Regulatory Framework for Privacy and Security

NASA Astrophysics Data System (ADS)

Hiller, Janine S.

The internet enables the easy collection of massive amounts of personally identifiable information. Unregulated data collection causes distrust and conflicts with widely accepted principles of privacy. The regulatory framework in the United States for ensuring privacy and security in the online environment consists of federal, state, and self-regulatory elements. New laws have been passed to address technological and internet practices that conflict with privacy protecting policies. The United States and the European Union approaches to privacy differ significantly, and the global internet environment will likely cause regulators to face the challenge of balancing privacy interests with data collection for many years to come.

76 FR 72218 - National Environmental Policy Act; NASA Routine Payloads on Expendable Launch Vehicles

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-22

...; NASA Routine Payloads on Expendable Launch Vehicles AGENCY: National Aeronautics and Space... (CEQ) Regulations for Implementing the Procedural Provisions of NEPA (40 CFR parts 1500-1508), and NASA policy and procedures (14 CFR part 1216 subpart 1216.3), NASA has made a Finding of No Significant Impact...

Privacy in the Genomic Era

PubMed Central

NAVEED, MUHAMMAD; AYDAY, ERMAN; CLAYTON, ELLEN W.; FELLAY, JACQUES; GUNTER, CARL A.; HUBAUX, JEAN-PIERRE; MALIN, BRADLEY A.; WANG, XIAOFENG

2015-01-01

Genome sequencing technology has advanced at a rapid pace and it is now possible to generate highly-detailed genotypes inexpensively. The collection and analysis of such data has the potential to support various applications, including personalized medical services. While the benefits of the genomics revolution are trumpeted by the biomedical community, the increased availability of such data has major implications for personal privacy; notably because the genome has certain essential features, which include (but are not limited to) (i) an association with traits and certain diseases, (ii) identification capability (e.g., forensics), and (iii) revelation of family relationships. Moreover, direct-to-consumer DNA testing increases the likelihood that genome data will be made available in less regulated environments, such as the Internet and for-profit companies. The problem of genome data privacy thus resides at the crossroads of computer science, medicine, and public policy. While the computer scientists have addressed data privacy for various data types, there has been less attention dedicated to genomic data. Thus, the goal of this paper is to provide a systematization of knowledge for the computer science community. In doing so, we address some of the (sometimes erroneous) beliefs of this field and we report on a survey we conducted about genome data privacy with biomedical specialists. Then, after characterizing the genome privacy problem, we review the state-of-the-art regarding privacy attacks on genomic data and strategies for mitigating such attacks, as well as contextualizing these attacks from the perspective of medicine and public policy. This paper concludes with an enumeration of the challenges for genome data privacy and presents a framework to systematize the analysis of threats and the design of countermeasures as the field moves forward. PMID:26640318

Privacy in the Genomic Era.

PubMed

Naveed, Muhammad; Ayday, Erman; Clayton, Ellen W; Fellay, Jacques; Gunter, Carl A; Hubaux, Jean-Pierre; Malin, Bradley A; Wang, Xiaofeng

2015-09-01

Genome sequencing technology has advanced at a rapid pace and it is now possible to generate highly-detailed genotypes inexpensively. The collection and analysis of such data has the potential to support various applications, including personalized medical services. While the benefits of the genomics revolution are trumpeted by the biomedical community, the increased availability of such data has major implications for personal privacy; notably because the genome has certain essential features, which include (but are not limited to) (i) an association with traits and certain diseases, (ii) identification capability (e.g., forensics), and (iii) revelation of family relationships. Moreover, direct-to-consumer DNA testing increases the likelihood that genome data will be made available in less regulated environments, such as the Internet and for-profit companies. The problem of genome data privacy thus resides at the crossroads of computer science, medicine, and public policy. While the computer scientists have addressed data privacy for various data types, there has been less attention dedicated to genomic data. Thus, the goal of this paper is to provide a systematization of knowledge for the computer science community. In doing so, we address some of the (sometimes erroneous) beliefs of this field and we report on a survey we conducted about genome data privacy with biomedical specialists. Then, after characterizing the genome privacy problem, we review the state-of-the-art regarding privacy attacks on genomic data and strategies for mitigating such attacks, as well as contextualizing these attacks from the perspective of medicine and public policy. This paper concludes with an enumeration of the challenges for genome data privacy and presents a framework to systematize the analysis of threats and the design of countermeasures as the field moves forward.

Space in Space: Designing for Privacy in the Workplace

NASA Technical Reports Server (NTRS)

Akin, Jonie

2015-01-01

Privacy is cultural, socially embedded in the spatial, temporal, and material aspects of the lived experience. Definitions of privacy are as varied among scholars as they are among those who fight for their personal rights in the home and the workplace. Privacy in the workplace has become a topic of interest in recent years, as evident in discussions on Big Data as well as the shrinking office spaces in which people work. An article in The New York Times published in February of this year noted that "many companies are looking to cut costs, and one way to do that is by trimming personal space". Increasingly, organizations ranging from tech start-ups to large corporations are downsizing square footage and opting for open-office floorplans hoping to trim the budget and spark creative, productive communication among their employees. The question of how much is too much to trim when it comes to privacy, is one that is being actively addressed by the National Aeronautics and Space Administration (NASA) as they explore habitat designs for future space missions. NASA recognizes privacy as a design-related stressor impacting human health and performance. Given the challenges of sustaining life in an isolated, confined, and extreme environment such as Mars, NASA deems it necessary to determine the acceptable minimal amount for habitable volume for activities requiring at least some level of privacy in order to support optimal crew performance. Ethnographic research was conducted in 2013 to explore perceptions of privacy and privacy needs among astronauts living and working in space as part of a long-distance, long-duration mission. The allocation of space, or habitable volume, becomes an increasingly complex issue in outer space due to the costs associated with maintaining an artificial, confined environment bounded by limitations of mass while located in an extreme environment. Privacy in space, or space in space, provides a unique case study of the complex notions of

20 CFR 401.30 - Privacy Act and other responsibilities.

Code of Federal Regulations, 2010 CFR

2010-04-01

... in carrying out the privacy and disclosure policy. (e) Senior Agency Official for Privacy. The Senior...-date and, where additional or revised procedures may be called for, working with the relevant agency...

75 FR 32372 - Information Privacy and Innovation in the Internet Economy

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-08

... initiative designed to gather public input and review the nexus between privacy policy and innovation in the... Internet. \\1\\ Commerce Secretary Locke Announces Public Review of Privacy Policy and Innovation in the... flexibility needed to foster innovation in the information economy; (2) the public confidence necessary for...

14 CFR § 1212.703 - NASA Chief Information Officer.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 14 Aeronautics and Space 5 2014-01-01 2014-01-01 false NASA Chief Information Officer. § 1212.703 Section § 1212.703 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS NASA Authority and Responsibilities § 1212.703 NASA Chief Information Officer. (a) The NASA Chief...

Privacy Preserving Nearest Neighbor Search

NASA Astrophysics Data System (ADS)

Shaneck, Mark; Kim, Yongdae; Kumar, Vipin

Data mining is frequently obstructed by privacy concerns. In many cases data is distributed, and bringing the data together in one place for analysis is not possible due to privacy laws (e.g. HIPAA) or policies. Privacy preserving data mining techniques have been developed to address this issue by providing mechanisms to mine the data while giving certain privacy guarantees. In this chapter we address the issue of privacy preserving nearest neighbor search, which forms the kernel of many data mining applications. To this end, we present a novel algorithm based on secure multiparty computation primitives to compute the nearest neighbors of records in horizontally distributed data. We show how this algorithm can be used in three important data mining algorithms, namely LOF outlier detection, SNN clustering, and kNN classification. We prove the security of these algorithms under the semi-honest adversarial model, and describe methods that can be used to optimize their performance. Keywords: Privacy Preserving Data Mining, Nearest Neighbor Search, Outlier Detection, Clustering, Classification, Secure Multiparty Computation

Information Parents Must Know about Online Privacy.

ERIC Educational Resources Information Center

Markell, Ginny

2000-01-01

Presents four tips to help parents monitor whether website operators are complying with the 1988 Children's Online Privacy Protection Act: look for privacy policies on children's websites; determine if they ask for parental consent to collect personal information; regularly monitor information being sent to children; and determine if web operators…

Privacy protection for patients with substance use problems.

PubMed

Hu, Lianne Lian; Sparenborg, Steven; Tai, Betty

2011-01-01

Many Americans with substance use problems will have opportunities to receive coordinated health care through the integration of primary care and specialty care for substance use disorders under the Patient Protection and Affordable Care Act of 2010. Sharing of patient health records among care providers is essential to realize the benefits of electronic health records. Health information exchange through meaningful use of electronic health records can improve health care safety, quality, and efficiency. Implementation of electronic health records and health information exchange presents great opportunities for health care integration, but also makes patient privacy potentially vulnerable. Privacy issues are paramount for patients with substance use problems. This paper discusses major differences between two federal privacy laws associated with health care for substance use disorders, identifies health care problems created by privacy policies, and describes potential solutions to these problems through technology innovation and policy improvement.

Privacy protection for patients with substance use problems

PubMed Central

Hu, Lianne Lian; Sparenborg, Steven; Tai, Betty

2011-01-01

Many Americans with substance use problems will have opportunities to receive coordinated health care through the integration of primary care and specialty care for substance use disorders under the Patient Protection and Affordable Care Act of 2010. Sharing of patient health records among care providers is essential to realize the benefits of electronic health records. Health information exchange through meaningful use of electronic health records can improve health care safety, quality, and efficiency. Implementation of electronic health records and health information exchange presents great opportunities for health care integration, but also makes patient privacy potentially vulnerable. Privacy issues are paramount for patients with substance use problems. This paper discusses major differences between two federal privacy laws associated with health care for substance use disorders, identifies health care problems created by privacy policies, and describes potential solutions to these problems through technology innovation and policy improvement. PMID:24474860

HIPAA compliance and patient privacy protection.

PubMed

Grandison, Tyrone; Bhatti, Rafae

2010-01-01

Recent prosecution of violations of the Health Insurance Portability and Accountability Act (HIPAA), and the amendments currently in process to strengthen the Act of 1996, has led many companies to take serious notice of the measures they must take to be a compliance. A company's privacy policy states the business' privacy practices and embodies the firm's commitments to its users and is normally mandatory step in reaching legislative compliance. in the face of this, the patient has to decipher if the company's privacy practices are congruent with their thoughts on the level of privacy protection they should be receiving. This is the core of our investigation. In this paper, we explore the question "Is a healthcare entity's compliance with regulation sufficient to provide the patient with adequate privacy protection?" in the context of the United States of America.

32 CFR 311.4 - Policy.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM OFFICE OF THE SECRETARY OF DEFENSE AND JOINT STAFF PRIVACY PROGRAM § 311.4 Policy. It is DoD policy, in..., United States Code, commonly known and hereafter referred to as the “Privacy Act” and Appendix I of...

Privacy and human behavior in the age of information.

PubMed

Acquisti, Alessandro; Brandimarte, Laura; Loewenstein, George

2015-01-30

This Review summarizes and draws connections between diverse streams of empirical research on privacy behavior. We use three themes to connect insights from social and behavioral sciences: people's uncertainty about the consequences of privacy-related behaviors and their own preferences over those consequences; the context-dependence of people's concern, or lack thereof, about privacy; and the degree to which privacy concerns are malleable—manipulable by commercial and governmental interests. Organizing our discussion by these themes, we offer observations concerning the role of public policy in the protection of privacy in the information age. Copyright © 2015, American Association for the Advancement of Science.

Health information: reconciling personal privacy with the public good of human health.

PubMed

Gostin, L O

2001-01-01

The success of the health care system depends on the accuracy, correctness and trustworthiness of the information, and the privacy rights of individuals to control the disclosure of personal information. A national policy on health informational privacy should be guided by ethical principles that respect individual autonomy while recognizing the important collective interests in the use of health information. At present there are no adequate laws or constitutional principles to help guide a rational privacy policy. The laws are scattered and fragmented across the states. Constitutional law is highly general, without important specific safeguards. Finally, a case study is provided showing the important trade-offs that exist between public health and privacy. For a model public health law, see www.critpath.org/msphpa/privacy.

Footprints near the Surf: Individual Privacy Decisions in Online Contexts

ERIC Educational Resources Information Center

McDonald, Aleecia M.

2010-01-01

As more people seek the benefits of going online, more people are exposed to privacy risks from their time online. With a largely unregulated Internet, self-determination about privacy risks must be feasible for people from all walks of life. Yet in many cases decisions are either not obvious or not accessible. As one example, privacy policies are…

Privacy and security in teleradiology.

PubMed

Ruotsalainen, Pekka

2010-01-01

Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper. Copyright (c) 2009 Elsevier Ireland Ltd. All rights reserved.

78 FR 32256 - Privacy Act of 1974; Report of an Altered CMS System of Records Notice

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-29

... tax payers or tax filers, and spouses and parents of applicants. Due to the potential impact of the... Privacy Officer, Division of Privacy Policy, Privacy Policy and Compliance Group, Office of E-Health... Health Care and Education Reconciliation Act of 2010 (Pub. L. 111-152) (collectively referred to as the...

Privacy Policy

MedlinePlus

... a database that is regularly purged. Third party contractors may have access to this information in order ... a response to your question or comment. These contractors are held to strict policies to safeguard the ...

14 CFR 1212.200 - Determining existence of records subject to the Privacy Act.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Determining existence of records subject to the Privacy Act. 1212.200 Section 1212.200 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Access to Records § 1212.200 Determining existence of records subject...

Query Monitoring and Analysis for Database Privacy - A Security Automata Model Approach.

PubMed

Kumar, Anand; Ligatti, Jay; Tu, Yi-Cheng

2015-11-01

Privacy and usage restriction issues are important when valuable data are exchanged or acquired by different organizations. Standard access control mechanisms either restrict or completely grant access to valuable data. On the other hand, data obfuscation limits the overall usability and may result in loss of total value. There are no standard policy enforcement mechanisms for data acquired through mutual and copyright agreements. In practice, many different types of policies can be enforced in protecting data privacy. Hence there is the need for an unified framework that encapsulates multiple suites of policies to protect the data. We present our vision of an architecture named security automata model (SAM) to enforce privacy-preserving policies and usage restrictions. SAM analyzes the input queries and their outputs to enforce various policies, liberating data owners from the burden of monitoring data access. SAM allows administrators to specify various policies and enforces them to monitor queries and control the data access. Our goal is to address the problems of data usage control and protection through privacy policies that can be defined, enforced, and integrated with the existing access control mechanisms using SAM. In this paper, we lay out the theoretical foundation of SAM, which is based on an automata named Mandatory Result Automata. We also discuss the major challenges of implementing SAM in a real-world database environment as well as ideas to meet such challenges.

32 CFR 323.2 - Policy.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 2 2010-07-01 2010-07-01 false Policy. 323.2 Section 323.2 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM DEFENSE LOGISTICS AGENCY PRIVACY PROGRAM § 323.2 Policy. It is the policy of DLA to safeguard personal information...

32 CFR 323.2 - Policy.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 2 2011-07-01 2011-07-01 false Policy. 323.2 Section 323.2 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM DEFENSE LOGISTICS AGENCY PRIVACY PROGRAM § 323.2 Policy. It is the policy of DLA to safeguard personal information...

32 CFR 323.2 - Policy.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 32 National Defense 2 2012-07-01 2012-07-01 false Policy. 323.2 Section 323.2 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM DEFENSE LOGISTICS AGENCY PRIVACY PROGRAM § 323.2 Policy. It is the policy of DLA to safeguard personal information...

Trust and Privacy Solutions Based on Holistic Service Requirements.

PubMed

Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio

2015-12-24

The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens' information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing.

Trust and Privacy Solutions Based on Holistic Service Requirements

PubMed Central

Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio

2015-01-01

The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens’ information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing. PMID:26712752

Variability in adolescent portal privacy features: how the unique privacy needs of the adolescent patient create a complex decision-making process.

PubMed

Sharko, Marianne; Wilcox, Lauren; Hong, Matthew K; Ancker, Jessica S

2018-05-17

Medical privacy policies, which are clear-cut for adults and young children, become ambiguous during adolescence. Yet medical organizations must establish unambiguous rules about patient and parental access to electronic patient portals. We conducted a national interview study to characterize the diversity in adolescent portal policies across a range of institutions and determine the factors influencing decisions about these policies. Within a sampling framework that ensured diversity of geography and medical organization type, we used purposive and snowball sampling to identify key informants. Semi-structured interviews were conducted and analyzed with inductive thematic analysis, followed by a member check. We interviewed informants from 25 medical organizations. Policies established different degrees of adolescent access (from none to partial to complete), access ages (from 10 to 18 years), degrees of parental access, and types of information considered sensitive. Federal and state law did not dominate policy decisions. Other factors in the decision process were: technology capabilities; differing patient population needs; resources; community expectations; balance between information access and privacy; balance between promoting autonomy and promoting family shared decision-making; and tension between teen privacy and parental preferences. Some informants believed that clearer standards would simplify policy-making; others worried that standards could restrict high-quality polices. In the absence of universally accepted standards, medical organizations typically undergo an arduous decision-making process to develop teen portal policies, weighing legal, economic, social, clinical, and technological factors. As a result, portal access policies are highly inconsistent across the United States and within individual states.

32 CFR 316.5 - Policy.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 2 2010-07-01 2010-07-01 false Policy. 316.5 Section 316.5 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM DEFENSE INFORMATION SYSTEMS AGENCY PRIVACY PROGRAM § 316.5 Policy. It is the policy of DISA: (a) To preserve the...

What was privacy?

PubMed

McCreary, Lew

2008-10-01

Why is that question in the past tense? Because individuals can no longer feel confident that the details of their lives--from identifying numbers to cultural preferences--will be treated with discretion rather than exploited. Even as Facebook users happily share the names of their favorite books, movies, songs, and brands, they often regard marketers' use of that information as an invasion of privacy. In this wide-ranging essay, McCreary, a senior editor at HBR, examines numerous facets of the privacy issue, from Google searches, public shaming on the internet, and cell phone etiquette to passenger screening devices, public surveillance cameras, and corporate chief privacy officers. He notes that IBM has been a leader on privacy; its policy forswearing the use of employees' genetic information in hiring and benefits decisions predated the federal Genetic Information Nondiscrimination Act by three years. Now IBM is involved in an open-source project known as Higgins to provide users with transportable, potentially anonymous online presences. Craigslist, whose CEO calls it "as close to 100% user driven as you can get," has taken an extremely conservative position on privacy--perhaps easier for a company with a declared lack of interest in maximizing revenue. But TJX and other corporate victims of security breaches have discovered that retaining consumers' transaction information can be both costly and risky. Companies that underestimate the importance of privacy to their customers or fail to protect it may eventually face harsh regulation, reputational damage, or both. The best thing they can do, says the author, is negotiate directly with those customers over where to draw the line.

32 CFR 321.14 - DSS implementation policies.

Code of Federal Regulations, 2014 CFR

2014-07-01

...) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.14 DSS implementation policies. (a) General... matters of particular concern to the Defense Security Service. (b) Privacy Act rules application. Any... 32 National Defense 2 2014-07-01 2014-07-01 false DSS implementation policies. 321.14 Section 321...

32 CFR 321.14 - DSS implementation policies.

Code of Federal Regulations, 2013 CFR

2013-07-01

...) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.14 DSS implementation policies. (a) General... matters of particular concern to the Defense Security Service. (b) Privacy Act rules application. Any... 32 National Defense 2 2013-07-01 2013-07-01 false DSS implementation policies. 321.14 Section 321...

32 CFR 321.14 - DSS implementation policies.

Code of Federal Regulations, 2012 CFR

2012-07-01

...) PRIVACY PROGRAM DEFENSE SECURITY SERVICE PRIVACY PROGRAM § 321.14 DSS implementation policies. (a) General... matters of particular concern to the Defense Security Service. (b) Privacy Act rules application. Any... 32 National Defense 2 2012-07-01 2012-07-01 false DSS implementation policies. 321.14 Section 321...

22 CFR 308.2 - Policy.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 22 Foreign Relations 2 2011-04-01 2009-04-01 true Policy. 308.2 Section 308.2 Foreign Relations PEACE CORPS IMPLEMENTATION OF THE PRIVACY ACT OF 1974 § 308.2 Policy. It is the policy of the Peace Corps to protect, preserve and defend the right of privacy of any individual as to whom the agency...

Query Monitoring and Analysis for Database Privacy - A Security Automata Model Approach

PubMed Central

Kumar, Anand; Ligatti, Jay; Tu, Yi-Cheng

2015-01-01

Privacy and usage restriction issues are important when valuable data are exchanged or acquired by different organizations. Standard access control mechanisms either restrict or completely grant access to valuable data. On the other hand, data obfuscation limits the overall usability and may result in loss of total value. There are no standard policy enforcement mechanisms for data acquired through mutual and copyright agreements. In practice, many different types of policies can be enforced in protecting data privacy. Hence there is the need for an unified framework that encapsulates multiple suites of policies to protect the data. We present our vision of an architecture named security automata model (SAM) to enforce privacy-preserving policies and usage restrictions. SAM analyzes the input queries and their outputs to enforce various policies, liberating data owners from the burden of monitoring data access. SAM allows administrators to specify various policies and enforces them to monitor queries and control the data access. Our goal is to address the problems of data usage control and protection through privacy policies that can be defined, enforced, and integrated with the existing access control mechanisms using SAM. In this paper, we lay out the theoretical foundation of SAM, which is based on an automata named Mandatory Result Automata. We also discuss the major challenges of implementing SAM in a real-world database environment as well as ideas to meet such challenges. PMID:26997936

From Data Privacy to Location Privacy

NASA Astrophysics Data System (ADS)

Wang, Ting; Liu, Ling

Over the past decade, the research on data privacy has achieved considerable advancement in the following two aspects: First, a variety of privacy threat models and privacy principles have been proposed, aiming at providing sufficient protection against different types of inference attacks; Second, a plethora of algorithms and methods have been developed to implement the proposed privacy principles, while attempting to optimize the utility of the resulting data. The first part of the chapter presents an overview of data privacy research by taking a close examination at the achievements from the above two aspects, with the objective of pinpointing individual research efforts on the grand map of data privacy protection. As a special form of data privacy, location privacy possesses its unique characteristics. In the second part of the chapter, we examine the research challenges and opportunities of location privacy protection, in a perspective analogous to data privacy. Our discussion attempts to answer the following three questions: (1) Is it sufficient to apply the data privacy models and algorithms developed to date for protecting location privacy? (2) What is the current state of the research on location privacy? (3) What are the open issues and technical challenges that demand further investigation? Through answering these questions, we intend to provide a comprehensive review of the state of the art in location privacy research.

Privacy, confidentiality, and security in information systems of state health agencies.

PubMed

O'Brien, D G; Yasnoff, W A

1999-05-01

To assess the employment and status of privacy, confidentiality, security and fair information practices in electronic information systems of U.S. state health agencies. A survey instrument was developed and administered to key contacts within the state health agencies of each of the 50 U.S. states, Puerto Rico and the District of Columbia. About a third of U.S. state health agencies have no written policies in place regarding privacy and confidentiality in electronic information systems. The doctrines of fair information practice often seemed to be ignored. One quarter of the agencies reported at least one security breach during the past two years, and 16% experienced a privacy and confidentiality related transgression. Most of the breaches were committed by personnel from within the agencies. These results raise questions about the integrity of existing privacy, confidentiality and security measures in the information systems of U.S. state health agencies. Recommendations include the development and vigorous enforcement of written privacy and confidentiality policies, increased personnel training, and expanded implementation of security measures such as encryption and system firewalls. A discussion of the current status of U.S. privacy, confidentiality and security issues is offered.

Patient privacy and social media.

PubMed

Hader, Amy L; Brown, Evan D

2010-08-01

Healthcare providers using social media must remain mindful of professional boundaries and patients' privacy rights. Facebook and other online postings must comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), applicable facility policy, state law, and AANA's Code of Ethics.

Policies and Procedures for Accessing Archived NASA Lunar Data via the Web

NASA Technical Reports Server (NTRS)

James, Nathan L.; Williams, David R.

2011-01-01

The National Space Science Data Center (NSSDC) was established by NASA to provide for the preservation and dissemination of scientific data from NASA missions. This paper describes the policies specifically related to lunar science data. NSSDC presently archives 660 lunar data collections. Most of these data (423 units) are stored offline in analog format. The remainder of this collection consists of magnetic tapes and discs containing approximately 1.7 TB of digital lunar data. The active archive for NASA lunar data is the Planetary Data System (PDS). NSSDC has an agreement with the PDS Lunar Data Node to assist in the restoration and preparation of NSSDC-resident lunar data upon request for access and distribution via the PDS archival system. Though much of NSSDC's digital store also resides in PDS, NSSDC has many analog data collections and some digital lunar data sets that are not in PDS. NSSDC stands ready to make these archived lunar data accessible to both the research community and the general public upon request as resources allow. Newly requested offline lunar data are digitized and moved to near-line storage devices called digital linear tape jukeboxes. The data are then packaged and made network-accessible via FTP for the convenience of a growing segment of the user community. This publication will 1) discuss the NSSDC processes and policies that govern how NASA lunar data is preserved, restored, and made accessible via the web and 2) highlight examples of special lunar data requests.

Online Patron Records and Privacy: Service vs. Security.

ERIC Educational Resources Information Center

Fouty, Kathleen G.

1993-01-01

Examines issues regarding the privacy of information contained in patron databases that have resulted from online circulation systems. Topics discussed include library policies to protect information in patron records; ensuring compliance with policies; limiting the data collected; security authorizations; and creating and modifying patron…

45 CFR 5b.3 - Policy.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 45 Public Welfare 1 2012-10-01 2012-10-01 false Policy. 5b.3 Section 5b.3 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES GENERAL ADMINISTRATION PRIVACY ACT REGULATIONS § 5b.3 Policy. It is the policy of the Department to protect the privacy of individuals to the fullest extent possible...

Aligning the Effective Use of Student Data with Student Privacy and Security Laws

ERIC Educational Resources Information Center

Winnick, Steve; Coleman, Art; Palmer, Scott; Lipper, Kate; Neiditz, Jon

2011-01-01

This legal and policy guidance provides a summary framework for state policymakers as they work to use longitudinal data to improve student achievement while also protecting the privacy and security of individual student records. Summarizing relevant federal privacy and security laws, with a focus on the Family Educational Records and Privacy Act…

32 CFR 322.3 - Policy.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 32 National Defense 2 2012-07-01 2012-07-01 false Policy. 322.3 Section 322.3 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.3 Policy. (a) The National Security...

32 CFR 322.3 - Policy.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 2 2011-07-01 2011-07-01 false Policy. 322.3 Section 322.3 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.3 Policy. (a) The National Security...

32 CFR 322.3 - Policy.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 32 National Defense 2 2014-07-01 2014-07-01 false Policy. 322.3 Section 322.3 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.3 Policy. (a) The National Security...

32 CFR 322.3 - Policy.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 2 2010-07-01 2010-07-01 false Policy. 322.3 Section 322.3 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.3 Policy. (a) The National Security...

32 CFR 322.3 - Policy.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 32 National Defense 2 2013-07-01 2013-07-01 false Policy. 322.3 Section 322.3 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.3 Policy. (a) The National Security...

Privacy Practices of Health Social Networking Sites: Implications for Privacy and Data Security in Online Cancer Communities.

PubMed

Charbonneau, Deborah H

2016-08-01

While online communities for social support continue to grow, little is known about the state of privacy practices of health social networking sites. This article reports on a structured content analysis of privacy policies and disclosure practices for 25 online ovarian cancer communities. All of the health social networking sites in the study sample provided privacy statements to users, yet privacy practices varied considerably across the sites. The majority of sites informed users that personal information was collected about participants and shared with third parties (96%, n = 24). Furthermore, more than half of the sites (56%, n = 14) stated that cookies technology was used to track user behaviors. Despite these disclosures, only 36% (n = 9) offered opt-out choices for sharing data with third parties. In addition, very few of the sites (28%, n = 7) allowed individuals to delete their personal information. Discussions about specific security measures used to protect personal information were largely missing. Implications for privacy, confidentiality, consumer choice, and data safety in online environments are discussed. Overall, nurses and other health professionals can utilize these findings to encourage individuals seeking online support and participating in social networking sites to build awareness of privacy risks to better protect their personal health information in the digital age.

Federal Restrictions on Educational Research: Privacy Protection Study Commission Hearings

ERIC Educational Resources Information Center

Michael, John; Weinberg, JoAnn

1977-01-01

The Privacy Protection Study Commission (PPSC) held public hearings on personal data record-keeping policies and practices in educational institutions in Los Angeles in October and in Washington, D.C. in November, 1976. Under consideration were the protections afforded parents and students by the Family Educational Rights and Privacy Act.…

34 CFR 5b.3 - Policy.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 34 Education 1 2012-07-01 2012-07-01 false Policy. 5b.3 Section 5b.3 Education Office of the Secretary, Department of Education PRIVACY ACT REGULATIONS § 5b.3 Policy. It is the policy of the Department to protect the privacy of individuals to the fullest extent possible while nonetheless permitting the...

Electronic consent channels: preserving patient privacy without handcuffing researchers.

PubMed

Shelton, Robert H

2011-02-09

Advances in health information technology and electronic medical records have the tremendous potential to accelerate translational and clinical research. However, privacy concerns threaten to be a rate-limiting factor. By recognizing and responding to patient privacy concerns, policy-makers, researchers, and information technology leaders have the opportunity to transform trial recruitment and make it safer to electronically locate and convey sensitive health information.

Privacy-protecting video surveillance

NASA Astrophysics Data System (ADS)

Wickramasuriya, Jehan; Alhazzazi, Mohanned; Datt, Mahesh; Mehrotra, Sharad; Venkatasubramanian, Nalini

2005-02-01

Forms of surveillance are very quickly becoming an integral part of crime control policy, crisis management, social control theory and community consciousness. In turn, it has been used as a simple and effective solution to many of these problems. However, privacy-related concerns have been expressed over the development and deployment of this technology. Used properly, video cameras help expose wrongdoing but typically come at the cost of privacy to those not involved in any maleficent activity. This work describes the design and implementation of a real-time, privacy-protecting video surveillance infrastructure that fuses additional sensor information (e.g. Radio-frequency Identification) with video streams and an access control framework in order to make decisions about how and when to display the individuals under surveillance. This video surveillance system is a particular instance of a more general paradigm of privacy-protecting data collection. In this paper we describe in detail the video processing techniques used in order to achieve real-time tracking of users in pervasive spaces while utilizing the additional sensor data provided by various instrumented sensors. In particular, we discuss background modeling techniques, object tracking and implementation techniques that pertain to the overall development of this system.

41 CFR 105-64.107 - What standards of conduct apply to employees with privacy-related responsibilities?

Code of Federal Regulations, 2011 CFR

2011-01-01

... SERVICES ADMINISTRATION Regional Offices-General Services Administration 64-GSA PRIVACY ACT RULES 64.1-Policies and Responsibilities § 105-64.107 What standards of conduct apply to employees with privacy... training requirements. All such employees will follow GSA orders HCO 9297.1 GSA Data Release Policy, HCO...

"Everybody Knows Everybody Else's Business"-Privacy in Rural Communities.

PubMed

Leung, Janni; Smith, Annetta; Atherton, Iain; McLaughlin, Deirdre

2016-12-01

Patients have a right to privacy in a health care setting. This involves conversational discretion, security of medical records and physical privacy of remaining unnoticed or unidentified when using health care services other than by those who need to know or whom the patient wishes to know. However, the privacy of cancer patients who live in rural areas is more difficult to protect due to the characteristics of rural communities. The purpose of this article is to reflect on concerns relating to the lack of privacy experienced by cancer patients and health care professionals in the rural health care setting. In addition, this article suggests future research directions to provide much needed evidence for educating health care providers and guiding health care policies that can lead to better protection of privacy among cancer patients living in rural communities.

Quality consciousness...auditing for HIPAA Privacy Compliance.

PubMed

LePar, Kathleen

2004-01-01

The Health Insurance Portability and Accountability Act (HIPAA) privacy deadline has passed. Now it is essential to comply with the regulations. The stakes are high; therefore, a HIPAA Privacy Compliance Program must be part of an organization's quality initiatives. This article provides guidelines for the challenges of continual program improvement, successful cultural change, and effective monitoring of the existing program. Healthcare organizations will attain compliance goals through internal audits on the processes, policies, and training efforts of their HIPAA program.

Individual privacy in an information dependent society

DOE Office of Scientific and Technical Information (OSTI.GOV)

Clifford, B.P.

1994-12-31

The extraordinary technologies and capabilities of the Information Age have vastly improved communication, while allowing executives to have ultra-current information about their companies, subsidiaries, staff, clients, and practically any individual in the world. These advances, however, have stripped the individual of his privacy. Although invasions of privacy do not require a computer, computers have made it much easier to gather and select informatin, which means that it is also much easier to invade privacy. The increased value of information to policy makers leads them to covet information, even when acquiring it invades someone`s pricacy; not only do managers of privatemore » companies gather personal data, almost every citizen has files about him in Federal agencies and administrations.« less

48 CFR 2124.102-70 - Policy.

Code of Federal Regulations, 2010 CFR

2010-10-01

... GROUP LIFE INSURANCE FEDERAL ACQUISITION REGULATION SOCIOECONOMIC PROGRAMS PROTECTION OF PRIVACY AND FREEDOM OF INFORMATION Protection of Individual Privacy 2124.102-70 Policy. Records retained by FEGLI... OPM. Consequently, the records do not fall within the provisions of the Privacy Act. Nevertheless, OPM...

NASA Information Technology Implementation Plan

NASA Technical Reports Server (NTRS)

2000-01-01

NASA's Information Technology (IT) resources and IT support continue to be a growing and integral part of all NASA missions. Furthermore, the growing IT support requirements are becoming more complex and diverse. The following are a few examples of the growing complexity and diversity of NASA's IT environment. NASA is conducting basic IT research in the Intelligent Synthesis Environment (ISE) and Intelligent Systems (IS) Initiatives. IT security, infrastructure protection, and privacy of data are requiring more and more management attention and an increasing share of the NASA IT budget. Outsourcing of IT support is becoming a key element of NASA's IT strategy as exemplified by Outsourcing Desktop Initiative for NASA (ODIN) and the outsourcing of NASA Integrated Services Network (NISN) support. Finally, technology refresh is helping to provide improved support at lower cost. Recently the NASA Automated Data Processing (ADP) Consolidation Center (NACC) upgraded its bipolar technology computer systems with Complementary Metal Oxide Semiconductor (CMOS) technology systems. This NACC upgrade substantially reduced the hardware maintenance and software licensing costs, significantly increased system speed and capacity, and reduced customer processing costs by 11 percent.

NASA specification for manufacturing and performance requirements of NASA standard aerospace nickel-cadmium cells

NASA Technical Reports Server (NTRS)

1988-01-01

On November 25, 1985, the NASA Chief Engineer established a NASA-wide policy to maintain and to require the use of the NASA standard for aerospace nickel-cadmium cells and batteries. The Associate Administrator for Safety, Reliability, Maintainability, and Quality Assurance stated on December 29, 1986, the intent to retain the NASA standard cell usage policy established by the Office of the Chief Engineer. The current NASA policy is also to incorporate technological advances as they are tested and proven for spaceflight applications. This policy will be implemented by modifying the existing standard cells or by developing new NASA standards and their specifications in accordance with the NASA's Aerospace Battery Systems Program Plan. This NASA Specification for Manufacturing and Performance Requirements of NASA Standard Aerospace Nickel-Cadmium Cells is prepared to provide requirements for the NASA standard nickel-cadmium cell. It is an interim specification pending resolution of the separator material availability. This specification has evolved from over 15 years of nickel-cadmium cell experience by NASA. Consequently, considerable experience has been collected and cell performance has been well characterized from many years of ground testing and from in-flight operations in both geosynchronous (GEO) and low earth orbit (LEO) applications. NASA has developed and successfully used two standard flight qualified cell designs.

A systematic literature review on security and privacy of electronic health record systems: technical perspectives.

PubMed

Rezaeibagha, Fatemeh; Win, Khin Than; Susilo, Willy

Even though many safeguards and policies for electronic health record (EHR) security have been implemented, barriers to the privacy and security protection of EHR systems persist. This article presents the results of a systematic literature review regarding frequently adopted security and privacy technical features of EHR systems. Our inclusion criteria were full articles that dealt with the security and privacy of technical implementations of EHR systems published in English in peer-reviewed journals and conference proceedings between 1998 and 2013; 55 selected studies were reviewed in detail. We analysed the review results using two International Organization for Standardization (ISO) standards (29100 and 27002) in order to consolidate the study findings. Using this process, we identified 13 features that are essential to security and privacy in EHRs. These included system and application access control, compliance with security requirements, interoperability, integration and sharing, consent and choice mechanism, policies and regulation, applicability and scalability and cryptography techniques. This review highlights the importance of technical features, including mandated access control policies and consent mechanisms, to provide patients' consent, scalability through proper architecture and frameworks, and interoperability of health information systems, to EHR security and privacy requirements.

41 CFR 105-64.107 - What standards of conduct apply to employees with privacy-related responsibilities?

Code of Federal Regulations, 2010 CFR

2010-07-01

... conduct apply to employees with privacy-related responsibilities? 105-64.107 Section 105-64.107 Public... SERVICES ADMINISTRATION Regional Offices-General Services Administration 64-GSA PRIVACY ACT RULES 64.1-Policies and Responsibilities § 105-64.107 What standards of conduct apply to employees with privacy...

41 CFR 105-64.107 - What standards of conduct apply to employees with privacy-related responsibilities?

Code of Federal Regulations, 2014 CFR

2014-01-01

... conduct apply to employees with privacy-related responsibilities? 105-64.107 Section 105-64.107 Public... SERVICES ADMINISTRATION Regional Offices-General Services Administration 64-GSA PRIVACY ACT RULES 64.1-Policies and Responsibilities § 105-64.107 What standards of conduct apply to employees with privacy...

Is Privacy at Risk when Commercial Websites Target Primary School Children? A Case Study in Korea

ERIC Educational Resources Information Center

Kim, Sora; Yi, Soon-Hyung

2010-01-01

This study discusses privacy risk factors when commercial web sites target primary school children in Korea. Specifically, the authors examined types of personal information required for membership subscriptions and whether privacy policies at commercial sites for children abide by privacy guidelines. A total of 159 commercial sites targeting…

Privacy and anonymity in the information society - challenges for the European Union.

PubMed

Tsoukalas, Ioannis A; Siozos, Panagiotis D

2011-03-01

Electronic information is challenging traditional views on property and privacy. The explosion of digital data, driven by novel web applications, social networking, and mobile devices makes data security and the protection of privacy increasingly difficult. Furthermore, biometric data and radiofrequency identification applications enable correlations that are able to trace our cultural, behavioral, and emotional states. The concept of privacy in the digital realm is transformed and emerges as one of the biggest risks facing today's Information Society. In this context, the European Union (EU) policy-making procedures strive to adapt to the pace of technological advancement. The EU needs to improve the existing legal frameworks for privacy and data protection. It needs to work towards a "privacy by education" approach for the empowerment of "privacy-literate" European digital citizens.

Ownership, Privacy, Confidentiality, and Security Data.

ERIC Educational Resources Information Center

Staman, E. Michael

1986-01-01

One of the areas most often neglected by those responsible for information systems in colleges and universities relates to ownership, privacy, confidentiality, and security of data. Background information and definitions are provided, and a suggested environment is described. Model recommendations for institutional policy are offered. (MLW)

32 CFR 1701.20 - Exemption policies.

Code of Federal Regulations, 2010 CFR

2010-07-01

... INTELLIGENCE ADMINISTRATION OF RECORDS UNDER THE PRIVACY ACT OF 1974 Exemption of Record Systems Under the Privacy Act § 1701.20 Exemption policies. (a) General. The DNI has determined that invoking exemptions under the Privacy Act and continuing exemptions previously asserted by agencies whose records ODNI...

45 CFR 5b.3 - Policy.

Code of Federal Regulations, 2011 CFR

2011-10-01

... DEPARTMENT OF HEALTH AND HUMAN SERVICES GENERAL ADMINISTRATION PRIVACY ACT REGULATIONS § 5b.3 Policy. It is the policy of the Department to protect the privacy of individuals to the fullest extent possible... public is entitled to have under the Freedom of Information Act, 5 U.S.C. 552, and part 5 of this title. ...

45 CFR 5b.3 - Policy.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Department of Health and Human Services GENERAL ADMINISTRATION PRIVACY ACT REGULATIONS § 5b.3 Policy. It is the policy of the Department to protect the privacy of individuals to the fullest extent possible... public is entitled to have under the Freedom of Information Act, 5 U.S.C. 552, and part 5 of this title. ...

45 CFR 5b.3 - Policy.

Code of Federal Regulations, 2013 CFR

2013-10-01

... DEPARTMENT OF HEALTH AND HUMAN SERVICES GENERAL ADMINISTRATION PRIVACY ACT REGULATIONS § 5b.3 Policy. It is the policy of the Department to protect the privacy of individuals to the fullest extent possible... public is entitled to have under the Freedom of Information Act, 5 U.S.C. 552, and part 5 of this title. ...

Overview of Privacy in Social Networking Sites (SNS)

NASA Astrophysics Data System (ADS)

Powale, Pallavi I.; Bhutkar, Ganesh D.

2013-07-01

Social Networking Sites (SNS) have become an integral part of communication and life style of people in today's world. Because of the wide range of services offered by SNSs mostly for free of cost, these sites are attracting the attention of all possible Internet users. Most importantly, users from all age groups have become members of SNSs. Since many of the users are not aware of the data thefts associated with information sharing, they freely share their personal information with SNSs. Therefore, SNSs may be used for investigating users' character and social habits by familiar or even unknown persons and agencies. Such commercial and social scenario, has led to number of privacy and security threats. Though, all major issues in SNSs need to be addressed, by SNS providers, privacy of SNS users is the most crucial. And therefore, in this paper, we have focused our discussion on "privacy in SNSs". We have discussed different ways of Personally Identifiable Information (PII) leakages from SNSs, information revelation to third-party domains without user consent and privacy related threats associated with such information sharing. We expect that this comprehensive overview on privacy in SNSs will definitely help in raising user awareness about sharing data and managing their privacy with SNSs. It will also help SNS providers to rethink about their privacy policies.

Privacy rules for DNA databanks. Protecting coded 'future diaries'.

PubMed

Annas, G J

1993-11-17

In privacy terms, genetic information is like medical information. But the information contained in the DNA molecule itself is more sensitive because it contains an individual's probabilistic "future diary," is written in a code that has only partially been broken, and contains information about an individual's parents, siblings, and children. Current rules for protecting the privacy of medical information cannot protect either genetic information or identifiable DNA samples stored in DNA databanks. A review of the legal and public policy rationales for protecting genetic privacy suggests that specific enforceable privacy rules for DNA databanks are needed. Four preliminary rules are proposed to govern the creation of DNA databanks, the collection of DNA samples for storage, limits on the use of information derived from the samples, and continuing obligations to those whose DNA samples are in the databanks.

Drone Technology and Future Aviation on This Week @NASA – August 5, 2016

NASA Image and Video Library

2016-08-05

On Aug. 2, NASA’s Associate Administrator for Aeronautics Jaiwon Shin, representatives from the Federal Aviation Administration (FAA), aviation industry leaders and the academic research community participated in a workshop hosted by the White House Office of Science and Technology Policy (OSTP) to discuss Drones and the Future of Aviation. The event was designed to explore airspace integration issues; public and commercial uses; and safety, security, and privacy concerns related to this emerging technology. NASA is working with the FAA on a traffic management system that will enable pilots of these aircraft to fly safely in the national airspace. Also, Maryland Storms Imaged from Space, Io’s Collapsing Atmosphere, Orion Crew Module Moved, AstrOlympics, and more!

32 CFR 1701.6 - Disclosure of records/policy.

Code of Federal Regulations, 2010 CFR

2010-07-01

... NATIONAL INTELLIGENCE ADMINISTRATION OF RECORDS UNDER THE PRIVACY ACT OF 1974 Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 1701.6 Disclosure of records/policy... Privacy Act Systems of Records Notices (available at http://www.dni.gov); (d) Release to the Bureau of the...

Privacy and medical information on the Internet.

PubMed

Nelson, Steven B

2006-02-01

Health-care consumers are beginning to realize the presence and value of health-care information available on the Internet, but they need to be aware of risks that may be involved. In addition to delivering information, some Web sites collect information. Though not all of the information might be classified as protected health information, consumers need to realize what is collected and how it might be used. Consumers should know a Web site\\'s privacy policy before divulging any personal information. Health-care providers have a responsibility to know what information they are collecting and why. Web servers may collect large amounts of visitor information by default, and they should be modified to limit data collection to only what is necessary. Providers need to be cognizant of the many regulations concerning collection and disclosure of information obtained from consumers. Providers should also provide an easily understood privacy policy for users.

Control use of data to protect privacy.

PubMed

Landau, Susan

2015-01-30

Massive data collection by businesses and governments calls into question traditional methods for protecting privacy, underpinned by two core principles: (i) notice, that there should be no data collection system whose existence is secret, and (ii) consent, that data collected for one purpose not be used for another without user permission. But notice, designated as a fundamental privacy principle in a different era, makes little sense in situations where collection consists of lots and lots of small amounts of information, whereas consent is no longer realistic, given the complexity and number of decisions that must be made. Thus, efforts to protect privacy by controlling use of data are gaining more attention. I discuss relevant technology, policy, and law, as well as some examples that can illuminate the way. Copyright © 2015, American Association for the Advancement of Science.

Unaddressed privacy risks in accredited health and wellness apps: a cross-sectional systematic assessment.

PubMed

Huckvale, Kit; Prieto, José Tomás; Tilney, Myra; Benghozi, Pierre-Jean; Car, Josip

2015-09-07

Poor information privacy practices have been identified in health apps. Medical app accreditation programs offer a mechanism for assuring the quality of apps; however, little is known about their ability to control information privacy risks. We aimed to assess the extent to which already-certified apps complied with data protection principles mandated by the largest national accreditation program. Cross-sectional, systematic, 6-month assessment of 79 apps certified as clinically safe and trustworthy by the UK NHS Health Apps Library. Protocol-based testing was used to characterize personal information collection, local-device storage and information transmission. Observed information handling practices were compared against privacy policy commitments. The study revealed that 89% (n = 70/79) of apps transmitted information to online services. No app encrypted personal information stored locally. Furthermore, 66% (23/35) of apps sending identifying information over the Internet did not use encryption and 20% (7/35) did not have a privacy policy. Overall, 67% (53/79) of apps had some form of privacy policy. No app collected or transmitted information that a policy explicitly stated it would not; however, 78% (38/49) of information-transmitting apps with a policy did not describe the nature of personal information included in transmissions. Four apps sent both identifying and health information without encryption. Although the study was not designed to examine data handling after transmission to online services, security problems appeared to place users at risk of data theft in two cases. Systematic gaps in compliance with data protection principles in accredited health apps question whether certification programs relying substantially on developer disclosures can provide a trusted resource for patients and clinicians. Accreditation programs should, as a minimum, provide consistent and reliable warnings about possible threats and, ideally, require publishers to

EPPS: Efficient and Privacy-Preserving Personal Health Information Sharing in Mobile Healthcare Social Networks.

PubMed

Jiang, Shunrong; Zhu, Xiaoyan; Wang, Liangmin

2015-09-03

Mobile healthcare social networks (MHSNs) have emerged as a promising next-generation healthcare system, which will significantly improve the quality of life. However, there are many security and privacy concerns before personal health information (PHI) is shared with other parities. To ensure patients' full control over their PHI, we propose a fine-grained and scalable data access control scheme based on attribute-based encryption (ABE). Besides, policies themselves for PHI sharing may be sensitive and may reveal information about underlying PHI or about data owners or recipients. In our scheme, we let each attribute contain an attribute name and its value and adopt the Bloom filter to efficiently check attributes before decryption. Thus, the data privacy and policy privacy can be preserved in our proposed scheme. Moreover, considering the fact that the computational cost grows with the complexity of the access policy and the limitation of the resource and energy in a smart phone, we outsource ABE decryption to the cloud while preventing the cloud from learning anything about the content and access policy. The security and performance analysis is carried out to demonstrate that our proposed scheme can achieve fine-grained access policies for PHI sharing in MHSNs.

Managing security and privacy concerns over data storage in healthcare research.

PubMed

Mackenzie, Isla S; Mantay, Brian J; McDonnell, Patrick G; Wei, Li; MacDonald, Thomas M

2011-08-01

Issues surrounding data security and privacy are of great importance when handling sensitive health-related data for research. The emphasis in the past has been on balancing the risks to individuals with the benefit to society of the use of databases for research. However, a new way of looking at such issues is that by optimising procedures and policies regarding security and privacy of data to the extent that there is no appreciable risk to the privacy of individuals, we can create a 'win-win' situation in which everyone benefits, and pharmacoepidemiological research can flourish with public support. We discuss holistic measures, involving both information technology and people, taken to improve the security and privacy of data storage. After an internal review, we commissioned an external audit by an independent consultant with a view to optimising our data storage and handling procedures. Improvements to our policies and procedures were implemented as a result of the audit. By optimising our storage of data, we hope to inspire public confidence and hence cooperation with the use of health care data in research. Copyright © 2011 John Wiley & Sons, Ltd.

Lessons learned from a privacy breach at an academic health science centre.

PubMed

Malonda, Jacqueline; Campbell, Janice; Crivianu-Gaita, Daniela; Freedman, Melvin H; Stevens, Polly; Laxer, Ronald M

2009-01-01

In 2007, the Hospital for Sick Children experienced a serious privacy breach when a laptop computer containing the personal health information of approximately 3,000 patients and research subjects was stolen from a physician-researcher's vehicle. This incident was reported to the information and privacy commissioner of Ontario (IPC). The IPC issued an order that required the hospital to examine and revise its policies, practices and research protocols related to the protection of personal health information and to educate staff on privacy-related matters.

Toward a Behavioral Approach to Privacy for Online Social Networks

NASA Astrophysics Data System (ADS)

Banks, Lerone D.; Wu, S. Felix

We examine the correlation between user interactions and self reported information revelation preferences for users of the popular Online Social Network (OSN), Facebook. Our primary goal is to explore the use of indicators of tie strength to inform localized, per-user privacy preferences for users and their ties within OSNs. We examine the limitations of such an approach and discuss future plans to incorporate this approach into the development of an automated system for helping users define privacy policy. As part of future work, we discuss how to define/expand policy to the entire social network. We also present additional collected data similar to other studies such as perceived tie strength and information revelation preferences for OSN users.

Protecting the Privacy and Security of Your Health Information

MedlinePlus

... Access to Medical Records Privacy, Security, and HIPAA Laws, Regulation, and Policy Scientific Initiatives Standards & Technology Usability ... care providers and professionals, and the government. Federal laws require many of the key persons and organizations ...

Automated Detection of Privacy Sensitive Conditions in C-CDAs: Security Labeling Services at the Department of Veterans Affairs

PubMed Central

Bouhaddou, Omar; Davis, Mike; Donahue, Margaret; Mallia, Anthony; Griffin, Stephania; Teal, Jennifer; Nebeker, Jonathan

2016-01-01

Care coordination across healthcare organizations depends upon health information exchange. Various policies and laws govern permissible exchange, particularly when the information includes privacy sensitive conditions. The Department of Veterans Affairs (VA) privacy policy has required either blanket consent or manual sensitivity review prior to exchanging any health information. The VA experience has been an expensive, administratively demanding burden on staffand Veterans alike, particularly for patients without privacy sensitive conditions. Until recently, automatic sensitivity determination has not been feasible. This paper proposes a policy-driven algorithmic approach (Security Labeling Service or SLS) to health information exchange that automatically detects the presence or absence of specific privacy sensitive conditions and then, to only require a Veteran signed consent for release when actually present. The SLS was applied successfully to a sample of real patient Consolidated-Clinical Document Architecture(C-CDA) documents. The SLS identified standard terminology codes by both parsing structured entries and analyzing textual information using Natural Language Processing (NLP). PMID:28269828

Automated Detection of Privacy Sensitive Conditions in C-CDAs: Security Labeling Services at the Department of Veterans Affairs.

PubMed

Bouhaddou, Omar; Davis, Mike; Donahue, Margaret; Mallia, Anthony; Griffin, Stephania; Teal, Jennifer; Nebeker, Jonathan

2016-01-01

Care coordination across healthcare organizations depends upon health information exchange. Various policies and laws govern permissible exchange, particularly when the information includes privacy sensitive conditions. The Department of Veterans Affairs (VA) privacy policy has required either blanket consent or manual sensitivity review prior to exchanging any health information. The VA experience has been an expensive, administratively demanding burden on staffand Veterans alike, particularly for patients without privacy sensitive conditions. Until recently, automatic sensitivity determination has not been feasible. This paper proposes a policy-driven algorithmic approach (Security Labeling Service or SLS) to health information exchange that automatically detects the presence or absence of specific privacy sensitive conditions and then, to only require a Veteran signed consent for release when actually present. The SLS was applied successfully to a sample of real patient Consolidated-Clinical Document Architecture(C-CDA) documents. The SLS identified standard terminology codes by both parsing structured entries and analyzing textual information using Natural Language Processing (NLP).

Regulating genetic privacy in the online health information era.

PubMed

Magnusson, Roger S

As the clinical implications of the genetic components of disease come to be better understood, there is likely to be a significant increase in the volume of genetic information held within clinical records. As patient health care records, in turn, come on-line as part of broader health information networks, there is likely to be considerable pressure in favour of special laws protecting genetic privacy. This paper reviews some of the privacy challenges posed by electronic health records, some government initiatives in this area, and notes the impact that developments in genetic testing will have upon the 'genetic content' of e-health records. Despite the sensitivity of genetic information, the paper argues against a policy of 'genetic exceptionalism', and its implications for genetic privacy laws.

NASA agenda for tomorrow

NASA Technical Reports Server (NTRS)

1988-01-01

Key elements of national policy, NASA goals and objectives, and other materials that comprise the framework for NASA planning are included. The contents are expressed as they existed through much of 1988; thus they describe the strategic context employed by NASA in planning both the FY 1989 program just underway and the proposed FY 1990 program. NASA planning will continue to evolve in response to national policy requirements, a changing environment, and new opportunities. Agenda for Tomorrow provides a status report as of the time of its publication.

A Generic Privacy Quantification Framework for Privacy-Preserving Data Publishing

ERIC Educational Resources Information Center

Zhu, Zutao

2010-01-01

In recent years, the concerns about the privacy for the electronic data collected by government agencies, organizations, and industries are increasing. They include individual privacy and knowledge privacy. Privacy-preserving data publishing is a research branch that preserves the privacy while, at the same time, withholding useful information in…

New Technology "Clouds" Student Data Privacy

ERIC Educational Resources Information Center

Krueger, Keith R.; Moore, Bob

2015-01-01

As technology has leaped forward to provide valuable learning tools, parents and policy makers have begun raising concerns about the privacy of student data that schools and systems have. Federal laws are intended to protect students and their families but they have not and will never be able to keep up with rapidly evolving technology. School…

EPPS: Efficient and Privacy-Preserving Personal Health Information Sharing in Mobile Healthcare Social Networks

PubMed Central

Jiang, Shunrong; Zhu, Xiaoyan; Wang, Liangmin

2015-01-01

Mobile healthcare social networks (MHSNs) have emerged as a promising next-generation healthcare system, which will significantly improve the quality of life. However, there are many security and privacy concerns before personal health information (PHI) is shared with other parities. To ensure patients’ full control over their PHI, we propose a fine-grained and scalable data access control scheme based on attribute-based encryption (ABE). Besides, policies themselves for PHI sharing may be sensitive and may reveal information about underlying PHI or about data owners or recipients. In our scheme, we let each attribute contain an attribute name and its value and adopt the Bloom filter to efficiently check attributes before decryption. Thus, the data privacy and policy privacy can be preserved in our proposed scheme. Moreover, considering the fact that the computational cost grows with the complexity of the access policy and the limitation of the resource and energy in a smart phone, we outsource ABE decryption to the cloud while preventing the cloud from learning anything about the content and access policy. The security and performance analysis is carried out to demonstrate that our proposed scheme can achieve fine-grained access policies for PHI sharing in MHSNs. PMID:26404300

Choose Privacy Week: Educate Your Students (and Yourself) about Privacy

ERIC Educational Resources Information Center

Adams, Helen R.

2016-01-01

The purpose of "Choose Privacy Week" is to encourage a national conversation to raise awareness of the growing threats to personal privacy online and in day-to-day life. The 2016 Choose Privacy Week theme is "respecting individuals' privacy," with an emphasis on minors' privacy. A plethora of issues relating to minors' privacy…

32 CFR 326.6 - Policies for processing requests for records.

Code of Federal Regulations, 2014 CFR

2014-07-01

... DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL RECONNAISSANCE OFFICE PRIVACY ACT PROGRAM § 326.6 Policies... Freedom of Information Act (FOIA) and the Privacy Act and the applicable regulations. Such requests will... disclosure under the FOIA. (b) A Privacy Act request that neither specifies the system(s) of records to be...

32 CFR 326.6 - Policies for processing requests for records.

Code of Federal Regulations, 2011 CFR

2011-07-01

... DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL RECONNAISSANCE OFFICE PRIVACY ACT PROGRAM § 326.6 Policies... Freedom of Information Act (FOIA) and the Privacy Act and the applicable regulations. Such requests will... disclosure under the FOIA. (b) A Privacy Act request that neither specifies the system(s) of records to be...

Navigating State and Federal Student Privacy Laws to Design Educationally Sound Parental Notice Policies

ERIC Educational Resources Information Center

Baker, Thomas R.

2008-01-01

This chapter describes the relationship between federal student privacy laws and state privacy laws, and identifies the changes in the federal law over the last ten years affecting disclosure to parents of college students. Recent litigation on health emergencies is outlined and the limited rights of college students not yet eighteen years of age…

48 CFR 24.203 - Policy.

Code of Federal Regulations, 2010 CFR

2010-10-01

... PROTECTION OF PRIVACY AND FREEDOM OF INFORMATION Freedom of Information Act 24.203 Policy. (a) The Act... law enforcement. Since these requests often involve complex issues requiring an in-depth knowledge of..., authorized agency officials may contact the Department of Justice, Office of Information and Privacy. A...

Efficient Privacy-Aware Record Integration.

PubMed

Kuzu, Mehmet; Kantarcioglu, Murat; Inan, Ali; Bertino, Elisa; Durham, Elizabeth; Malin, Bradley

2013-01-01

The integration of information dispersed among multiple repositories is a crucial step for accurate data analysis in various domains. In support of this goal, it is critical to devise procedures for identifying similar records across distinct data sources. At the same time, to adhere to privacy regulations and policies, such procedures should protect the confidentiality of the individuals to whom the information corresponds. Various private record linkage (PRL) protocols have been proposed to achieve this goal, involving secure multi-party computation (SMC) and similarity preserving data transformation techniques. SMC methods provide secure and accurate solutions to the PRL problem, but are prohibitively expensive in practice, mainly due to excessive computational requirements. Data transformation techniques offer more practical solutions, but incur the cost of information leakage and false matches. In this paper, we introduce a novel model for practical PRL, which 1) affords controlled and limited information leakage, 2) avoids false matches resulting from data transformation. Initially, we partition the data sources into blocks to eliminate comparisons for records that are unlikely to match. Then, to identify matches, we apply an efficient SMC technique between the candidate record pairs. To enable efficiency and privacy, our model leaks a controlled amount of obfuscated data prior to the secure computations. Applied obfuscation relies on differential privacy which provides strong privacy guarantees against adversaries with arbitrary background knowledge. In addition, we illustrate the practical nature of our approach through an empirical analysis with data derived from public voter records.

Biobanking Research and Privacy Laws in the United States.

PubMed

Harrell, Heather L; Rothstein, Mark A

2016-03-01

Privacy is protected in biobank-based research in the US primarily by the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and the Federal Policy for Protection of Human Subjects (Common Rule). Neither rule, however, was created to function in the unique context of biobank research, and therefore neither applies to all biobank-based research. Not only is it challenging to determine when the HIPAA Privacy Rule or the Common Rule apply, but these laws apply different standards to protect privacy. In addition, many other federal and state laws may be applicable to a particular biobank, researcher, or project. US law also does not directly address international sharing of data or specimens outside of the EU-US Safe Harbor Agreement, which only applies to receipt of data by certain US entities from EU countries, and is in the process of revision. Although new rules would help clarify privacy protections in biobanking, any implemented changes should be studied to determine the sufficiency of the protections as well as its ability to facilitate or hinder international collaborations. © 2016 American Society of Law, Medicine & Ethics.

48 CFR 724.202 - Policy.

Code of Federal Regulations, 2010 CFR

2010-10-01

... PROGRAMS PROTECTION OF PRIVACY AND FREEDOM OF INFORMATION Freedom of Information Act 724.202 Policy. The U.S. Agency for International Development's policies concerning implementation of the Freedom of...

NASA metrication activities

NASA Technical Reports Server (NTRS)

Vlannes, P. N.

1978-01-01

NASA's organization and policy for metrification, history from 1964, NASA participation in Federal agency activities, interaction with nongovernmental metrication organizations, and the proposed metrication assessment study are reviewed.

Implementation of data security and data privacy provisions will bring sweeping changes to laboratory service providers.

PubMed

Boothe, J F

2000-01-01

The Health Insurance Portability and Accountability Act included substantial changes involving handling of health information by establishing national standards for electronic transactions, data privacy, and data security. The first final rule for electronic transaction standards was published August 17, 2000. The remaining final rules are expected to be published in Winter 2000. Providers, such as clinical laboratories, will have 26 months from the data of publication to comply. The civil monetary fines for noncompliance are substantial. This article will review the key provisions of the data security and data privacy proposed rules. These provisions will touch virtually every aspect of electronic claims submissions, electronic data transactions, and the electronic storage of medical information. The proposed rules will require a coordinated approach by providers to develop the policies and procedures, and the technical and physical infrastructure to protect health information. Moreover, providers will need to identify a privacy officer, to review existing privacy policies to compare the proposed rule with any existing state laws to determine which may be more stringent, and to develop new policies to address the particular requirements of the final rule.

14 CFR 1212.100 - Scope and purpose.

Code of Federal Regulations, 2010 CFR

2010-01-01

....100 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Basic Policy § 1212.100 Scope and purpose. This part 1212 implements the Privacy Act of 1974, as amended (5 U.S.C. 552a). It establishes procedures for individuals to access their Privacy Act records and to...

32 CFR 310.5 - Policy.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 32 National Defense 2 2014-07-01 2014-07-01 false Policy. 310.5 Section 310.5 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM DOD PRIVACY... and fundamental right that shall be respected and protected. (1) The Department's need to collect...

Presidential Space Policy Directs NASA to Return Humans to Moon

NASA Image and Video Library

2017-12-11

President Donald Trump signed a new Space Policy Directive-1 at the White House on Monday, Dec. 11, directing NASA’s human spaceflight program back to the Moon, as recommended by the National Space Council.    The directive calls for NASA to lead an innovative and sustainable program of exploration with commercial and international partners to enable human expansion across the solar system, and to bring back to Earth new knowledge and opportunities for human advancement. This effort will more effectively organize government, private industry, and international efforts toward returning humans on the Moon, and will lay the foundation that will eventually enable human exploration of Mars.

Privacy Awareness: A Means to Solve the Privacy Paradox?

NASA Astrophysics Data System (ADS)

Pötzsch, Stefanie

People are limited in their resources, i.e. they have limited memory capabilities, cannot pay attention to too many things at the same time, and forget much information after a while; computers do not suffer from these limitations. Thus, revealing personal data in electronic communication environments and being completely unaware of the impact of privacy might cause a lot of privacy issues later. Even if people are privacy aware in general, the so-called privacy paradox shows that they do not behave according to their stated attitudes. This paper discusses explanations for the existing dichotomy between the intentions of people towards disclosure of personal data and their behaviour. We present requirements on tools for privacy-awareness support in order to counteract the privacy paradox.

Privacy and Technology: Counseling Institutions of Higher Education.

ERIC Educational Resources Information Center

Cranman, Kevin A.

1998-01-01

Examines the challenges to colleges and universities associated with maintaining privacy as use of technology increases and technology advances. Lapses in security, types of information needing protection, liability under federal laws, other relevant laws and pending legislation, ethics, and policy implementation in the electronic age are…

Closing the Barn Door: The Effect of Parental Supervision on Canadian Children's Online Privacy

ERIC Educational Resources Information Center

Steeves, Valerie; Webster, Cheryl

2008-01-01

Empirical data from a large sample of Canadian youth aged 13 to 17 years suggest that, although the current privacy policy framework is having a positive effect on the extent to which young people are complying with the types of behavior promoted by adults as privacy protective, its primary focus on parental supervision is inadequate to fully…

Genetic secrets: Protecting privacy and confidentiality in the genetic era

DOE Office of Scientific and Technical Information (OSTI.GOV)

Rothstein, M.A.

1998-07-01

Few developments are likely to affect human beings more profoundly in the long run than the discoveries resulting from advances in modern genetics. Although the developments in genetic technology promise to provide many additional benefits, their application to genetic screening poses ethical, social, and legal questions, many of which are rooted in issues of privacy and confidentiality. The ethical, practical, and legal ramifications of these and related questions are explored in depth. The broad range of topics includes: the privacy and confidentiality of genetic information; the challenges to privacy and confidentiality that may be projected to result from the emergingmore » genetic technologies; the role of informed consent in protecting the confidentiality of genetic information in the clinical setting; the potential uses of genetic information by third parties; the implications of changes in the health care delivery system for privacy and confidentiality; relevant national and international developments in public policies, professional standards, and laws; recommendations; and the identification of research needs.« less

The NASA Organization

NASA Technical Reports Server (NTRS)

1994-01-01

This Handbook, effective 13 September 1994, documents the NASA organization, defines terms, and sets forth the policy and requirements for establishing, modifying, and documenting the NASA organizational structure and for assigning organizational responsibilities.

Understanding Climate Policy Data Needs. NASA Carbon Monitoring System Briefing: Characterizing Flux Uncertainty, Washington D.C., 11 January 2012

NASA Technical Reports Server (NTRS)

Brown, Molly E.; Macauley, Molly

2012-01-01

Climate policy in the United States is currently guided by public-private partnerships and actions at the local and state levels. This mitigation strategy is made up of programs that focus on energy efficiency, renewable energy, agricultural practices and implementation of technologies to reduce greenhouse gases. How will policy makers know if these strategies are working, particularly at the scales at which they are being implemented? The NASA Carbon Monitoring System (CMS) will provide information on carbon dioxide fluxes derived from observations of earth's land, ocean and atmosphere used in state of the art models describing their interactions. This new modeling system could be used to assess the impact of specific policy interventions on CO2 reductions, enabling an iterative, results-oriented policy process. In January of 2012, the CMS team held a meeting with carbon policy and decision makers in Washington DC to describe the developing modeling system to policy makers. The NASA CMS will develop pilot studies to provide information across a range of spatial scales, consider carbon storage in biomass, and improve measures of the atmospheric distribution of carbon dioxide. The pilot involves multiple institutions (four NASA centers as well as several universities) and over 20 scientists in its work. This pilot study will generate CO2 flux maps for two years using observational constraints in NASA's state-of -the-art models. Bottom-up surface flux estimates will be computed using data-constrained land and ocean models; comparison of the different techniques will provide some knowledge of uncertainty in these estimates. Ensembles of atmospheric carbon distributions will be computed using an atmospheric general circulation model (GEOS-5), with perturbations to the surface fluxes and to transport. Top-down flux estimates will be computed from observed atmospheric CO2 distributions (ACOS/GOSAT retrievals) alongside the forward-model fields, in conjunction with an

Privacy as an enabler, not an impediment: building trust into health information exchange.

PubMed

McGraw, Deven; Dempsey, James X; Harris, Leslie; Goldman, Janlori

2009-01-01

Building privacy and security protections into health information technology systems will bolster trust in such systems and promote their adoption. The privacy issue, too long seen as a barrier to electronic health information exchange, can be resolved through a comprehensive framework that implements core privacy principles, adopts trusted network design characteristics, and establishes oversight and accountability mechanisms. The public policy challenges of implementing this framework in a complex and evolving environment will require improvements to existing law, new rules for entities outside the traditional health care sector, a more nuanced approach to the role of consent, and stronger enforcement mechanisms.

Implications of privacy needs and interpersonal distancing mechanisms for space station design

NASA Technical Reports Server (NTRS)

Harrison, Albert A.; Sommer, Robert; Struthers, Nancy; Hoyt, Kathleen

1988-01-01

Isolation, confinement, and the characteristics of microgravity will accentuate the need for privacy in the proposed NASA space station, yet limit the mechanism available for achieving it. This study proposes a quantitative model for understanding privacy, interpersonal distancing, and performance, and discusses the practical implications for Space Station design. A review of the relevant literature provided the basis for a database, definitions of physical and psychological distancing, loneliness, and crowding, and a quantitative model of situational privacy. The model defines situational privacy (the match between environment and task), and focuses on interpersonal contact along visual, auditory, olfactory, and tactile dimensions. It involves summing across pairs of crew members, contact dimensions, and time, yet also permits separate analyses of subsets of crew members and contact dimensions. The study concludes that performance will benefit when the type and level of contact afforded by the environment align with that required by the task. The key to achieving this is to design a flexible, definable, and redefinable interior environment that provides occupants with a wide array of options to meet their needs for solitude, limited social interaction, and open group activity. The report presents 49 recommendations in five categories to promote a wide range of privacy options despite the space station's volumetric limitations.

Security controls in an integrated Biobank to protect privacy in data sharing: rationale and study design.

PubMed

Takai-Igarashi, Takako; Kinoshita, Kengo; Nagasaki, Masao; Ogishima, Soichi; Nakamura, Naoki; Nagase, Sachiko; Nagaie, Satoshi; Saito, Tomo; Nagami, Fuji; Minegishi, Naoko; Suzuki, Yoichi; Suzuki, Kichiya; Hashizume, Hiroaki; Kuriyama, Shinichi; Hozawa, Atsushi; Yaegashi, Nobuo; Kure, Shigeo; Tamiya, Gen; Kawaguchi, Yoshio; Tanaka, Hiroshi; Yamamoto, Masayuki

2017-07-06

With the goal of realizing genome-based personalized healthcare, we have developed a biobank that integrates personal health, genome, and omics data along with biospecimens donated by volunteers of 150,000. Such a large-scale of data integration involves obvious risks of privacy violation. The research use of personal genome and health information is a topic of global discussion with regard to the protection of privacy while promoting scientific advancement. The present paper reports on our plans, current attempts, and accomplishments in addressing security problems involved in data sharing to ensure donor privacy while promoting scientific advancement. Biospecimens and data have been collected in prospective cohort studies with the comprehensive agreement. The sample size of 150,000 participants was required for multiple researches including genome-wide screening of gene by environment interactions, haplotype phasing, and parametric linkage analysis. We established the T ohoku M edical M egabank (TMM) data sharing policy: a privacy protection rule that requires physical, personnel, and technological safeguards against privacy violation regarding the use and sharing of data. The proposed policy refers to that of NCBI and that of the Sanger Institute. The proposed policy classifies shared data according to the strength of re-identification risks. Local committees organized by TMM evaluate re-identification risk and assign a security category to a dataset. Every dataset is stored in an assigned segment of a supercomputer in accordance with its security category. A security manager should be designated to handle all security problems at individual data use locations. The proposed policy requires closed networks and IP-VPN remote connections. The mission of the biobank is to distribute biological resources most productively. This mission motivated us to collect biospecimens and health data and simultaneously analyze genome/omics data in-house. The biobank also has the

32 CFR 311.4 - Policy.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 2 2010-07-01 2010-07-01 false Policy. 311.4 Section 311.4 National Defense... THE SECRETARY OF DEFENSE AND JOINT STAFF PRIVACY PROGRAM § 311.4 Policy. It is DoD policy, in... manner that complies with the law and DoD policy. Any information collected by WHS-Serviced Components...

Balancing Cyberspace Promise, Privacy, and Protection: Tracking the Debate.

ERIC Educational Resources Information Center

Metivier-Carreiro, Karen A.; LaFollette, Marcel C.

1997-01-01

Examines aspects of cyberspace policy: Internet content and expectations; privacy: medical information and data collected by the government; and the regulation of offensive material: the Communications Decency Act, Internet filters, and the American Library Association's proactive great Web sites for children. Suggests that even "child…

Surveillance versus Privacy: Considerations for the San Bernardino Community

ERIC Educational Resources Information Center

Price, Robert

2017-01-01

This privacy versus security doctoral research examines existing literature, policies, and perceptions to identify the effects of the 2015 San Bernardino terrorist attack on the San Bernardino community. This study contributes to identifying factors that influence perceptions of governmental surveillance. Multiple articles contribute to the…

Genetic privacy.

PubMed

Sankar, Pamela

2003-01-01

During the past 10 years, the number of genetic tests performed more than tripled, and public concern about genetic privacy emerged. The majority of states and the U.S. government have passed regulations protecting genetic information. However, research has shown that concerns about genetic privacy are disproportionate to known instances of information misuse. Beliefs in genetic determinacy explain some of the heightened concern about genetic privacy. Discussion of the debate over genetic testing within families illustrates the most recent response to genetic privacy concerns.

Efficient Method of Achieving Agreements between Individuals and Organizations about RFID Privacy

NASA Astrophysics Data System (ADS)

Cha, Shi-Cho

This work presents novel technical and legal approaches that address privacy concerns for personal data in RFID systems. In recent years, to minimize the conflict between convenience and the privacy risk of RFID systems, organizations have been requested to disclose their policies regarding RFID activities, obtain customer consent, and adopt appropriate mechanisms to enforce these policies. However, current research on RFID typically focuses on enforcement mechanisms to protect personal data stored in RFID tags and prevent organizations from tracking user activity through information emitted by specific RFID tags. A missing piece is how organizations can obtain customers' consent efficiently and flexibly. This study recommends that organizations obtain licenses automatically or semi-automatically before collecting personal data via RFID technologies rather than deal with written consents. Such digitalized and standard licenses can be checked automatically to ensure that collection and use of personal data is based on user consent. While individuals can easily control who has licenses and license content, the proposed framework provides an efficient and flexible way to overcome the deficiencies in current privacy protection technologies for RFID systems.

22 CFR 308.2 - Policy.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 22 Foreign Relations 2 2014-04-01 2014-04-01 false Policy. 308.2 Section 308.2 Foreign Relations PEACE CORPS IMPLEMENTATION OF THE PRIVACY ACT OF 1974 § 308.2 Policy. It is the policy of the Peace... records including adequate opportunity to correct any errors in said records. It is further the policy of...

Couldn't or wouldn't? The influence of privacy concerns and self-efficacy in privacy management on privacy protection.

PubMed

Chen, Hsuan-Ting; Chen, Wenghong

2015-01-01

Sampling 515 college students, this study investigates how privacy protection, including profile visibility, self-disclosure, and friending, are influenced by privacy concerns and efficacy regarding one's own ability to manage privacy settings, a factor that researchers have yet to give a great deal of attention to in the context of social networking sites (SNSs). The results of this study indicate an inconsistency in adopting strategies to protect privacy, a disconnect from limiting profile visibility and friending to self-disclosure. More specifically, privacy concerns lead SNS users to limit their profile visibility and discourage them from expanding their network. However, they do not constrain self-disclosure. Similarly, while self-efficacy in privacy management encourages SNS users to limit their profile visibility, it facilitates self-disclosure. This suggests that if users are limiting their profile visibility and constraining their friending behaviors, it does not necessarily mean they will reduce self-disclosure on SNSs because these behaviors are predicted by different factors. In addition, the study finds an interaction effect between privacy concerns and self-efficacy in privacy management on friending. It points to the potential problem of increased risk-taking behaviors resulting from high self-efficacy in privacy management and low privacy concerns.

Strategies for maintaining patient privacy in i2b2.

PubMed

Murphy, Shawn N; Gainer, Vivian; Mendis, Michael; Churchill, Susanne; Kohane, Isaac

2011-12-01

The re-use of patient data from electronic healthcare record systems can provide tremendous benefits for clinical research, but measures to protect patient privacy while utilizing these records have many challenges. Some of these challenges arise from a misperception that the problem should be solved technically when actually the problem needs a holistic solution. The authors' experience with informatics for integrating biology and the bedside (i2b2) use cases indicates that the privacy of the patient should be considered on three fronts: technical de-identification of the data, trust in the researcher and the research, and the security of the underlying technical platforms. The security structure of i2b2 is implemented based on consideration of all three fronts. It has been supported with several use cases across the USA, resulting in five privacy categories of users that serve to protect the data while supporting the use cases. The i2b2 architecture is designed to provide consistency and faithfully implement these user privacy categories. These privacy categories help reflect the policy of both the Health Insurance Portability and Accountability Act and the provisions of the National Research Act of 1974, as embodied by current institutional review boards. By implementing a holistic approach to patient privacy solutions, i2b2 is able to help close the gap between principle and practice.

EPA's Public Access Website Children’s Privacy and Copyright Issues

EPA Pesticide Factsheets

This document establishes the policy for protecting the privacy of children on EPA’s Public Access Web site. It concerns the collection, both online and off, of information from ages 13 and under, and the display of Personally Identifying Information (PII)

Supreme Court Hears Privacy Case Between NASA and Jet Propulsion Laboratory Scientists

NASA Astrophysics Data System (ADS)

Showstack, Randy

2010-10-01

After NASA put into practice the 2004 Homeland Security Presidential Directive-12, known as HSPD-12, Dennis Byrnes talked to then-NASA administrator Michael Griffin. Byrnes recalls that Griffin told him in 2007 that if he didn’t like the agency's implementation of HSPD-12, he should go to court. That's exactly what Byrnes, an employee of the California Institute of Technology (Caltech) working as a senior engineer at NASA's Jet Propulsion Laboratory (JPL) in Pasadena, Calif., did. Concerned about prying and open-ended background investigations of federal contractors through NASA's implementation of HSPD-12, he, along with lead plaintiff Robert Nelson and 26 other Caltech employees working at JPL, sued NASA. Following several lower court decisions, including an injunction issued by a U.S. federal appeals court in response to a plaintiff motion, the case made it all the way to the U.S. Supreme Court, which heard oral arguments on 5 October.

48 CFR 24.203 - Policy.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 1 2013-10-01 2013-10-01 false Policy. 24.203 Section 24... PROTECTION OF PRIVACY AND FREEDOM OF INFORMATION Freedom of Information Act 24.203 Policy. (a) The Act... a large and increasing body of court rulings and policy guidance, contracting officers are cautioned...

Policy forum. Data, privacy, and the greater good.

PubMed

Horvitz, Eric; Mulligan, Deirdre

2015-07-17

Large-scale aggregate analyses of anonymized data can yield valuable results and insights that address public health challenges and provide new avenues for scientific discovery. These methods can extend our knowledge and provide new tools for enhancing health and wellbeing. However, they raise questions about how to best address potential threats to privacy while reaping benefits for individuals and to society as a whole. The use of machine learning to make leaps across informational and social contexts to infer health conditions and risks from nonmedical data provides representative scenarios for reflections on directions with balancing innovation and regulation. Copyright © 2015, American Association for the Advancement of Science.

The Myth, the Truth, the NASA IRB

NASA Technical Reports Server (NTRS)

Covington, M. D.; Flores, M. P.; Neutzler, V. P.; Schlegel, T. T.; Platts, S. H.; Lioyd, C. W.

2017-01-01

The purpose of the NASA Institutional Review Board (IRB) is to review research activities involving human subjects to ensure that ethical standards for the care and protection of human subjects have been met and research activities are in compliance with all pertinent federal, state and local regulations as well as NASA policies. NASA IRB's primary role is the protection of human subjects in research studies. Protection of human subjects is the shared responsibility of NASA, the IRB, and the scientific investigators. Science investigators who plan to conduct NASA-funded human research involving NASA investigators, facilities, or funds must submit and coordinate their research studies for review and approval by the NASA IRB prior to initiation. The IRB has the authority to approve, require changes in, or disapprove research involving human subjects. Better knowledge of the NASA IRB policies, procedures and guidelines should help facilitate research protocol applications and approvals. In this presentation, the myths and truths of NASA IRB policies and procedures will be discussed. We will focus on the policies that guide a protocol through the NASA IRB and the procedures that principal investigators must take to obtain required IRB approvals for their research studies. In addition, tips to help ensure a more efficient IRB review will be provided. By understanding the requirements and processes, investigators will be able to more efficiently prepare their protocols and obtain the required NASA IRB approval in a timely manner.

A Web Policy Primer.

ERIC Educational Resources Information Center

Levine, Elliott

2001-01-01

Sound technology policies can spell the difference between an effective website and an online nightmare. An effective web development policy addresses six key areas: roles and responsibilities, content/educational value, privacy and safety, adherence to copyright laws, technical standards, and use of commercial sites and services. (MLH)

Preserving Patient Privacy When Sharing Same-Disease Data.

PubMed

Liu, Xiaoping; Li, Xiao-Bai; Motiwalla, Luvai; Li, Wenjun; Zheng, Hua; Franklin, Patricia D

2016-10-01

Medical and health data are often collected for studying a specific disease. For such same-disease microdata, a privacy disclosure occurs as long as an individual is known to be in the microdata. Individuals in same-disease microdata are thus subject to higher disclosure risk than those in microdata with different diseases. This important problem has been overlooked in data-privacy research and practice, and no prior study has addressed this problem. In this study, we analyze the disclosure risk for the individuals in same-disease microdata and propose a new metric that is appropriate for measuring disclosure risk in this situation. An efficient algorithm is designed and implemented for anonymizing same-disease data to minimize the disclosure risk while keeping data utility as good as possible. An experimental study was conducted on real patient and population data. Experimental results show that traditional reidentification risk measures underestimate the actual disclosure risk for the individuals in same-disease microdata and demonstrate that the proposed approach is very effective in reducing the actual risk for same-disease data. This study suggests that privacy protection policy and practice for sharing medical and health data should consider not only the individuals' identifying attributes but also the health and disease information contained in the data. It is recommended that data-sharing entities employ a statistical approach, instead of the HIPAA's Safe Harbor policy, when sharing same-disease microdata.

Preserving Patient Privacy When Sharing Same-Disease Data

PubMed Central

LIU, XIAOPING; LI, XIAO-BAI; MOTIWALLA, LUVAI; LI, WENJUN; ZHENG, HUA; FRANKLIN, PATRICIA D.

2016-01-01

Medical and health data are often collected for studying a specific disease. For such same-disease microdata, a privacy disclosure occurs as long as an individual is known to be in the microdata. Individuals in same-disease microdata are thus subject to higher disclosure risk than those in microdata with different diseases. This important problem has been overlooked in data-privacy research and practice, and no prior study has addressed this problem. In this study, we analyze the disclosure risk for the individuals in same-disease microdata and propose a new metric that is appropriate for measuring disclosure risk in this situation. An efficient algorithm is designed and implemented for anonymizing same-disease data to minimize the disclosure risk while keeping data utility as good as possible. An experimental study was conducted on real patient and population data. Experimental results show that traditional reidentification risk measures underestimate the actual disclosure risk for the individuals in same-disease microdata and demonstrate that the proposed approach is very effective in reducing the actual risk for same-disease data. This study suggests that privacy protection policy and practice for sharing medical and health data should consider not only the individuals’ identifying attributes but also the health and disease information contained in the data. It is recommended that data-sharing entities employ a statistical approach, instead of the HIPAA's Safe Harbor policy, when sharing same-disease microdata. PMID:27867450

Research in the Biotech Age: Can Informational Privacy Compete?

ERIC Educational Resources Information Center

Peekhaus, Wilhelm

2008-01-01

This article examines the privacy of personal medical information in the health research context. Arguing that biomedical research in Canada has been caught up in the government's broader neoliberal policy agenda that has positioned biotechnology as a strategic driver of economic growth, the author discusses the tension between informational…

75 FR 50845 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-027 The...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-18

... Policy, Department of Homeland Security, Washington, DC 20528. For privacy issues please contact: Mary...;Prices of new books are listed in the first FEDERAL REGISTER issue of each #0;week. #0; #0; #0; #0;#0...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL--027 The History of...

Distributed clinical data sharing via dynamic access-control policy transformation.

PubMed

Rezaeibagha, Fatemeh; Mu, Yi

2016-05-01

Data sharing in electronic health record (EHR) systems is important for improving the quality of healthcare delivery. Data sharing, however, has raised some security and privacy concerns because healthcare data could be potentially accessible by a variety of users, which could lead to privacy exposure of patients. Without addressing this issue, large-scale adoption and sharing of EHR data are impractical. The traditional solution to the problem is via encryption. Although encryption can be applied to access control, it is not applicable for complex EHR systems that require multiple domains (e.g. public and private clouds) with various access requirements. This study was carried out to address the security and privacy issues of EHR data sharing with our novel access-control mechanism, which captures the scenario of the hybrid clouds and need of access-control policy transformation, to provide secure and privacy-preserving data sharing among different healthcare enterprises. We introduce an access-control mechanism with some cryptographic building blocks and present a novel approach for secure EHR data sharing and access-control policy transformation in EHR systems for hybrid clouds. We propose a useful data sharing system for healthcare providers to handle various EHR users who have various access privileges in different cloud environments. A systematic study has been conducted on data sharing in EHR systems to provide a solution to the security and privacy issues. In conclusion, we introduce an access-control method for privacy protection of EHRs and EHR policy transformation that allows an EHR access-control policy to be transformed from a private cloud to a public cloud. This method has never been studied previously in the literature. Furthermore, we provide a protocol to demonstrate policy transformation as an application scenario. Copyright © 2016 Elsevier Ireland Ltd. All rights reserved.

21 CFR 21.60 - Policy.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 21 Food and Drugs 1 2014-04-01 2014-04-01 false Policy. 21.60 Section 21.60 Food and Drugs FOOD AND DRUG ADMINISTRATION, DEPARTMENT OF HEALTH AND HUMAN SERVICES GENERAL PROTECTION OF PRIVACY Exemptions § 21.60 Policy. It is the policy of the Food and Drug Administration that record systems should be...

Risk-Based Models for Managing Data Privacy in Healthcare

ERIC Educational Resources Information Center

AL Faresi, Ahmed

2011-01-01

Current research in health care lacks a systematic investigation to identify and classify various sources of threats to information privacy when sharing health data. Identifying and classifying such threats would enable the development of effective information security risk monitoring and management policies. In this research I put the first step…

14 CFR 1216.103 - Responsibilities of NASA officials.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 14 Aeronautics and Space 5 2013-01-01 2013-01-01 false Responsibilities of NASA officials. 1216... QUALITY Policy on Environmental Quality and Control § 1216.103 Responsibilities of NASA officials. (a) The... NASA policies and positions on matters pertaining to environmental protection and enhancement; (2...

14 CFR 1216.103 - Responsibilities of NASA officials.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 14 Aeronautics and Space 5 2012-01-01 2012-01-01 false Responsibilities of NASA officials. 1216... QUALITY Policy on Environmental Quality and Control § 1216.103 Responsibilities of NASA officials. (a) The... NASA policies and positions on matters pertaining to environmental protection and enhancement; (2...

14 CFR 1216.103 - Responsibilities of NASA officials.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Responsibilities of NASA officials. 1216... QUALITY Policy on Environmental Quality and Control § 1216.103 Responsibilities of NASA officials. (a) The... NASA policies and positions on matters pertaining to environmental protection and enhancement; (2...

14 CFR 1216.103 - Responsibilities of NASA officials.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Responsibilities of NASA officials. 1216.103... Policy on Environmental Quality and Control § 1216.103 Responsibilities of NASA officials. (a) The... NASA policies and positions on matters pertaining to environmental protection and enhancement; (2...

Informational privacy and the public's health: the Model State Public Health Privacy Act.

PubMed

Gostin, L O; Hodge, J G; Valdiserri, R O

2001-09-01

Protecting public health requires the acquisition, use, and storage of extensive health-related information about individuals. The electronic accumulation and exchange of personal data promises significant public health benefits but also threatens individual privacy; breaches of privacy can lead to individual discrimination in employment, insurance, and government programs. Individuals concerned about privacy invasions may avoid clinical or public health tests, treatments, or research. Although individual privacy protections are critical, comprehensive federal privacy protections do not adequately protect public health data, and existing state privacy laws are inconsistent and fragmented. The Model State Public Health Privacy Act provides strong privacy safeguards for public health data while preserving the ability of state and local public health departments to act for the common good.

Privacy is an essentially contested concept: a multi-dimensional analytic for mapping privacy.

PubMed

Mulligan, Deirdre K; Koopman, Colin; Doty, Nick

2016-12-28

The meaning of privacy has been much disputed throughout its history in response to wave after wave of new technological capabilities and social configurations. The current round of disputes over privacy fuelled by data science has been a cause of despair for many commentators and a death knell for privacy itself for others. We argue that privacy's disputes are neither an accidental feature of the concept nor a lamentable condition of its applicability. Privacy is essentially contested. Because it is, privacy is transformable according to changing technological and social conditions. To make productive use of privacy's essential contestability, we argue for a new approach to privacy research and practical design, focused on the development of conceptual analytics that facilitate dissecting privacy's multiple uses across multiple contexts.This article is part of the themed issue 'The ethical impact of data science'. © 2016 The Author(s).

NASA printing, duplicating, and copying management handbook

NASA Technical Reports Server (NTRS)

1993-01-01

This handbook provides information and procedures for the implementation of NASA policy and applicable laws and regulations relating to printing, duplicating, and copying. The topics addressed include a description of relevant laws and regulations, authorizations required, and responsible entities for NASA printing, duplicating, and copying. The policy of NASA is to ensure understanding and application of authority and responsibility on printing matters. Where necessary, the handbook clarifies the intent of basic laws and regulations applicable to NASA.

The Convergence of Virtual Reality and Social Networks: Threats to Privacy and Autonomy.

PubMed

O'Brolcháin, Fiachra; Jacquemard, Tim; Monaghan, David; O'Connor, Noel; Novitzky, Peter; Gordijn, Bert

2016-02-01

The rapid evolution of information, communication and entertainment technologies will transform the lives of citizens and ultimately transform society. This paper focuses on ethical issues associated with the likely convergence of virtual realities (VR) and social networks (SNs), hereafter VRSNs. We examine a scenario in which a significant segment of the world's population has a presence in a VRSN. Given the pace of technological development and the popularity of these new forms of social interaction, this scenario is plausible. However, it brings with it ethical problems. Two central ethical issues are addressed: those of privacy and those of autonomy. VRSNs pose threats to both privacy and autonomy. The threats to privacy can be broadly categorized as threats to informational privacy, threats to physical privacy, and threats to associational privacy. Each of these threats is further subdivided. The threats to autonomy can be broadly categorized as threats to freedom, to knowledge and to authenticity. Again, these three threats are divided into subcategories. Having categorized the main threats posed by VRSNs, a number of recommendations are provided so that policy-makers, developers, and users can make the best possible use of VRSNs.

Privacy Preserving Association Rule Mining Revisited: Privacy Enhancement and Resources Efficiency

NASA Astrophysics Data System (ADS)

Mohaisen, Abedelaziz; Jho, Nam-Su; Hong, Dowon; Nyang, Daehun

Privacy preserving association rule mining algorithms have been designed for discovering the relations between variables in data while maintaining the data privacy. In this article we revise one of the recently introduced schemes for association rule mining using fake transactions (FS). In particular, our analysis shows that the FS scheme has exhaustive storage and high computation requirements for guaranteeing a reasonable level of privacy. We introduce a realistic definition of privacy that benefits from the average case privacy and motivates the study of a weakness in the structure of FS by fake transactions filtering. In order to overcome this problem, we improve the FS scheme by presenting a hybrid scheme that considers both privacy and resources as two concurrent guidelines. Analytical and empirical results show the efficiency and applicability of our proposed scheme.

In Brief: NASA issues media rules

NASA Astrophysics Data System (ADS)

Zielinski, Sarah

2006-04-01

NASA issues media rules NASA scientists will be able to speak freely about their work to the media and the public, under a newly revised policy announced 30 March by NASA Administrator Michael Griffin. Earlier in the year, the agency had been widely criticized after allegations were published that scientists had been prevented from speaking about controversial topics, such as climate change (see Eos 97(9) 2006). The policy is intended to establish a `culture of openness,' in which scientists may communicate the results and conclusions of their scientific research to the public without hindrance. However, NASA scientists will be required to distinguish personal views from those of the agency. The revised policy also outlines the responsibilities other public affairs staff, who will be prohibited from altering or editing scientific information.

76 FR 67763 - Privacy Act of 1974; Privacy Act System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-02

... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION [Notice (11-109)] Privacy Act of 1974; Privacy Act... proposed revisions to an existing Privacy Act system of records. SUMMARY: Pursuant to the provisions of the Privacy Act of 1974 (5 U.S.C. 552a), the National Aeronautics and Space Administration is issuing public...

48 CFR 624.202 - Policy.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 4 2011-10-01 2011-10-01 false Policy. 624.202 Section 624.202 Federal Acquisition Regulations System DEPARTMENT OF STATE SOCIOECONOMIC PROGRAMS PROTECTION OF PRIVACY AND FREEDOM OF INFORMATION Freedom of Information Act 624.202 Policy. DOS regulations...

48 CFR 2824.202 - Policy.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Policy. 2824.202 Section 2824.202 Federal Acquisition Regulations System DEPARTMENT OF JUSTICE Socioeconomic Programs PROTECTION OF PRIVACY AND FREEDOM OF INFORMATION Freedom of Information Act 2824.202 Policy. Procedures for...

48 CFR 2024.202 - Policy.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 6 2014-10-01 2014-10-01 false Policy. 2024.202 Section 2024.202 Federal Acquisition Regulations System NUCLEAR REGULATORY COMMISSION SOCIOECONOMIC PROGRAMS PROTECTION OF PRIVACY AND FREEDOM OF INFORMATION Freedom of Information Act 2024.202 Policy. The provisions...

48 CFR 2024.202 - Policy.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 6 2012-10-01 2012-10-01 false Policy. 2024.202 Section 2024.202 Federal Acquisition Regulations System NUCLEAR REGULATORY COMMISSION SOCIOECONOMIC PROGRAMS PROTECTION OF PRIVACY AND FREEDOM OF INFORMATION Freedom of Information Act 2024.202 Policy. The provisions...

48 CFR 2824.202 - Policy.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 6 2012-10-01 2012-10-01 false Policy. 2824.202 Section 2824.202 Federal Acquisition Regulations System DEPARTMENT OF JUSTICE SOCIOECONOMIC PROGRAMS PROTECTION OF PRIVACY AND FREEDOM OF INFORMATION Freedom of Information Act 2824.202 Policy. Procedures for...

48 CFR 2824.202 - Policy.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 6 2014-10-01 2014-10-01 false Policy. 2824.202 Section 2824.202 Federal Acquisition Regulations System DEPARTMENT OF JUSTICE SOCIOECONOMIC PROGRAMS PROTECTION OF PRIVACY AND FREEDOM OF INFORMATION Freedom of Information Act 2824.202 Policy. Procedures for...

48 CFR 2024.202 - Policy.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Policy. 2024.202 Section 2024.202 Federal Acquisition Regulations System NUCLEAR REGULATORY COMMISSION SOCIOECONOMIC PROGRAMS PROTECTION OF PRIVACY AND FREEDOM OF INFORMATION Freedom of Information Act 2024.202 Policy. The provisions...

Genetic secrets: Protecting privacy and confidentiality in the genetic era. Final report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Rothstein, M.A.

1998-09-01

Few developments are likely to affect human beings more profoundly in the long run than the discoveries resulting from advances in modern genetics. Although the developments in genetic technology promise to provide many additional benefits, their application to genetic screening poses ethical, social, and legal questions, many of which are rooted in issues of privacy and confidentiality. The ethical, practical, and legal ramifications of these and related questions are explored in depth. The broad range of topics includes: the privacy and confidentiality of genetic information; the challenges to privacy and confidentiality that may be projected to result from the emergingmore » genetic technologies; the role of informed consent in protecting the confidentiality of genetic information in the clinical setting; the potential uses of genetic information by third parties; the implications of changes in the health care delivery system for privacy and confidentiality; relevant national and international developments in public policies, professional standards, and laws; recommendations; and the identification of research needs.« less

A proposed legal framework for addressing privacy for patient controlled health records in pediatrics.

PubMed

Bourgeois, Fabienne; Taylor, Patrick; Mandl, Kenneth

2006-01-01

Patient controlled health records(PCHRs) provide widespread and flexible access to integrated medical information. Unique legal challenges arise where the patient is a minor. Variations in laws and statutes concerning minor's rights to privacy and confidentiality, and institutions' local interpretations of them, need to be integrated in the principles governing PCHRs. We propose a legal framework to guide the development of access policies for PCHRs to ensure appropriate privacy and confidentiality protection surrounding minors.

NASA Chief Technologist Hosts Town Hall

NASA Image and Video Library

2010-05-24

NASA's Chief Technologists, Bobby Braun, hosts a Town Hall meeting to discuss agency-wide technology policy and programs at NASA Headquarters on Tuesday, May 25, 2010, in Washington. Photo Credit: (NASA/Carla Cioffi)

75 FR 33811 - Office of the National Coordinator for Health Information Technology; HIT Policy Committee's...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-15

... DEPARTMENT OF HEALTH AND HUMAN SERVICES Office of the National Coordinator for Health Information Technology; HIT Policy Committee's Privacy & Security Tiger Team Meeting; Notice of Meeting AGENCY: Office of... of Committee: HIT Policy Committee's Privacy & Security Tiger Team. General Function of the Committee...

Privacy, Self-Regulation, and the Fight for Control of Personal Information.

ERIC Educational Resources Information Center

Johnston, Scott D.

2000-01-01

Examines the role of self-regulation in the establishment of an informational privacy policy. Discusses information technologies and changes in commerce; personal information in databases; demands for accountability; institutional and enforcement models; legislation; government failures; self-regulation and the individual; and potential problems…

76 FR 64115 - Privacy Act of 1974; Privacy Act System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-10-17

...-leaf binders or file folders, and in electronic media, including NASA's Ethics Program Tracking System... documents, electronic media, micrographic media, photographs, or motion pictures film, and various medical....; General Accounting Office's General Policies/Procedures and Communications Manual, Chapter 7; Treasury...

48 CFR 1827.302 - Policy. (NASA supplements paragraphs (a), (b), (c), (d), (e), (f), (g), and (i)).

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Policy. (NASA supplements paragraphs (a), (b), (c), (d), (e), (f), (g), and (i)). 1827.302 Section 1827.302 Federal Acquisition... the performance of experimental, developmental, or research work with a small business firm or a...

NASA Chief Technologist Hosts Town Hall

NASA Image and Video Library

2010-05-24

Bobby Braun, NASA's Chief Technologist, answers questions during a Town Hall meeting to discuss agency-wide technology policy and programs at NASA Headquarters on Tuesday, May 25, 2010, in Washington. Photo Credit: (NASA/Carla Cioffi)

NASA Chief Technologist Hosts Town Hall

NASA Image and Video Library

2010-05-24

Bobby Braun, right, NASA's Chief Technologist, answers questions during a Town Hall meeting to discuss agency-wide technology policy and programs at NASA Headquarters on Tuesday, May 25, 2010, in Washington. Photo Credit: (NASA/Carla Cioffi)

75 FR 19942 - Information Privacy and Innovation in the Internet Economy

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-16

...The National Telecommunications and Information Administration (NTIA) and the International Trade Administration (ITA), on behalf of the U.S. Department of Commerce (Department), will hold a public meeting on May 7, 2010, to discuss the nexus between privacy policy and innovation in the Internet economy.

78 FR 54446 - Privacy Act of 1974: System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-04

... Department of Commerce and the public. While the Department of Commerce may use social media applications to... social media applications is subject to the third party privacy policies posted on their Web sites. The... commented or submitted information on a Department of Commerce section on a social media Web site. The...

Young adult females' views regarding online privacy protection at two time points.

PubMed

Moreno, Megan A; Kelleher, Erin; Ameenuddin, Nusheen; Rastogi, Sarah

2014-09-01

Risks associated with adolescent Internet use include exposure to inappropriate information and privacy violations. Privacy expectations and policies have changed over time. Recent Facebook security setting changes heighten these risks. The purpose of this study was to investigate views and experiences with Internet safety and privacy protection among older adolescent females at two time points, in 2009 and 2012. Two waves of focus groups were conducted, one in 2009 and the other in 2012. During these focus groups, female university students discussed Internet safety risks and strategies and privacy protection. All focus groups were audio recorded and manually transcribed. Qualitative analysis was conducted at the end of each wave and then reviewed and combined in a separate analysis using the constant comparative method. A total of 48 females participated across the two waves. The themes included (1) abundant urban myths, such as the ability for companies to access private information; (2) the importance of filtering one's displayed information; and (3) maintaining age limits on social media access to avoid younger teens' presence on Facebook. The findings present a complex picture of how adolescents view privacy protection and online safety. Older adolescents may be valuable partners in promoting safe and age-appropriate Internet use for younger teens in the changing landscape of privacy. Copyright © 2014. Published by Elsevier Inc.

NASA Chief Technologist Hosts Town Hall

NASA Image and Video Library

2010-05-24

Bobby Braun, NASA's Chief Technologist, is seen on a video monitor during a Town Hall meeting to discuss agency-wide technology policy and programs at NASA Headquarters on Tuesday, May 25, 2010, in Washington. Photo Credit: (NASA/Carla Cioffi)

14 CFR § 1216.103 - Responsibilities of NASA officials.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 14 Aeronautics and Space 5 2014-01-01 2014-01-01 false Responsibilities of NASA officials. § 1216... ENVIRONMENTAL QUALITY Policy on Environmental Quality and Control § 1216.103 Responsibilities of NASA officials... revision of NASA policies and positions on matters pertaining to environmental protection and enhancement...

Trajectory data privacy protection based on differential privacy mechanism

NASA Astrophysics Data System (ADS)

Gu, Ke; Yang, Lihao; Liu, Yongzhi; Liao, Niandong

2018-05-01

In this paper, we propose a trajectory data privacy protection scheme based on differential privacy mechanism. In the proposed scheme, the algorithm first selects the protected points from the user’s trajectory data; secondly, the algorithm forms the polygon according to the protected points and the adjacent and high frequent accessed points that are selected from the accessing point database, then the algorithm calculates the polygon centroids; finally, the noises are added to the polygon centroids by the differential privacy method, and the polygon centroids replace the protected points, and then the algorithm constructs and issues the new trajectory data. The experiments show that the running time of the proposed algorithms is fast, the privacy protection of the scheme is effective and the data usability of the scheme is higher.

Student Privacy versus Campus Safety: Has Recent Legislation Compromised Privacy Rights?

ERIC Educational Resources Information Center

van der Kaay, Christopher D.

This study highlights major legislation addressing campus safety and crime reporting and discusses its impact on a student's right to privacy. The 1974 Family Educational Rights and Privacy Act, commonly referred to as the "Buckley Amendment," was among the first pieces of legislation to address the notion of student privacy and confidentiality.…

48 CFR 2124.102-70 - Policy.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 6 2012-10-01 2012-10-01 false Policy. 2124.102-70 Section 2124.102-70 Federal Acquisition Regulations System OFFICE OF PERSONNEL MANAGEMENT, FEDERAL... AND FREEDOM OF INFORMATION Protection of Individual Privacy 2124.102-70 Policy. Records retained by...

48 CFR 2124.102-70 - Policy.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 6 2014-10-01 2014-10-01 false Policy. 2124.102-70 Section 2124.102-70 Federal Acquisition Regulations System OFFICE OF PERSONNEL MANAGEMENT, FEDERAL... AND FREEDOM OF INFORMATION Protection of Individual Privacy 2124.102-70 Policy. Records retained by...

Federal Privacy Laws That Apply to Children and Education. Safeguarding Data

ERIC Educational Resources Information Center

Data Quality Campaign, 2014

2014-01-01

This table identifies and briefly describes the following federal policies that safeguard and protect the confidentiality of personal information: (1) Family Educational Rights and Privacy Act (FERPA); (2) Protection of Pupil Rights Amendment (PPRA); (3) Health Insurance Portability and Accountability Act (HIPAA); (4) Children's Online Privacy…

Privacy and security compliance in the E-healthcare marketplace.

PubMed

Lutes, M

2000-03-01

Complying with security and privacy regulations proposed by HHS in response to the Health Insurance Portability and Accountability Act (HIPAA) will require healthcare managers to address both internal and external business interactions and initiatives. The proposed regulations mandate certain procedures regarding administration, physical safeguards, technical security for data integrity and confidentiality, and technical security against unauthorized access. In particular, the proposed regulations require organizations to contractually ensure that vendors adhere to the regulations. Healthcare organizations also must implement training procedures for staff members who have contact with protected health information and designate a privacy officer to guard against improper disclosure of such information. Documented policies for organizational decision making are vital to an organization's efforts to implement procedures for compliance with the regulations.

Do Online Privacy Concerns Predict Selfie Behavior among Adolescents, Young Adults and Adults?

PubMed Central

Dhir, Amandeep; Torsheim, Torbjørn; Pallesen, Ståle; Andreassen, Cecilie S.

2017-01-01

Selfies, or self-portraits, are often taken and shared on social media for online self-presentation reasons, which are considered essential for the psychosocial development and well-being of people in today’s culture. Despite the growing popularity and widespread sharing of selfies in the online space, little is known about how privacy concerns moderate selfie behavior. In addition to this, it is also not known whether privacy concerns across age and gender groups influence selfie behavior. To address this timely issue, a survey assessing common selfie behaviors, that is, frequency of taking (individual and group selfies), editing (cropping and filtering), and posting selfies online, and social media privacy concerns (over personal data being accessed and misused by third parties) was conducted. The web-survey was administered to 3,763 Norwegian social media users, ranging from 13 to 50 years, with a preponderance of women (n = 2,509, 66.7%). The present study investigated the impact of privacy concerns on selfie behaviors across gender and age groups (adolescent, young adult, and adult) by use of the structural equation modeling approach. The results suggest that young adults have greater privacy concerns compared to adolescents and adults. Females have greater privacy concerns than males. Greater privacy concerns among female social media users were linked to lower engagement in selfie behavior, but privacy concerns did not influence selfie behavior in the case of male adolescents and young adults. Overall, privacy concerns were more consistently and inversely related to selfie behavior (taking and posting) among females than males. The study results have theoretical as well as practical implications for both researchers and policy makers. PMID:28588530

Do Online Privacy Concerns Predict Selfie Behavior among Adolescents, Young Adults and Adults?

PubMed

Dhir, Amandeep; Torsheim, Torbjørn; Pallesen, Ståle; Andreassen, Cecilie S

2017-01-01

Selfies, or self-portraits, are often taken and shared on social media for online self-presentation reasons, which are considered essential for the psychosocial development and well-being of people in today's culture. Despite the growing popularity and widespread sharing of selfies in the online space, little is known about how privacy concerns moderate selfie behavior. In addition to this, it is also not known whether privacy concerns across age and gender groups influence selfie behavior. To address this timely issue, a survey assessing common selfie behaviors, that is, frequency of taking (individual and group selfies), editing (cropping and filtering), and posting selfies online, and social media privacy concerns (over personal data being accessed and misused by third parties) was conducted. The web-survey was administered to 3,763 Norwegian social media users, ranging from 13 to 50 years, with a preponderance of women ( n = 2,509, 66.7%). The present study investigated the impact of privacy concerns on selfie behaviors across gender and age groups (adolescent, young adult, and adult) by use of the structural equation modeling approach. The results suggest that young adults have greater privacy concerns compared to adolescents and adults. Females have greater privacy concerns than males. Greater privacy concerns among female social media users were linked to lower engagement in selfie behavior, but privacy concerns did not influence selfie behavior in the case of male adolescents and young adults. Overall, privacy concerns were more consistently and inversely related to selfie behavior (taking and posting) among females than males. The study results have theoretical as well as practical implications for both researchers and policy makers.

A health app developer's guide to law and policy: a multi-sector policy analysis.

PubMed

Parker, Lisa; Karliychuk, Tanya; Gillies, Donna; Mintzes, Barbara; Raven, Melissa; Grundy, Quinn

2017-10-02

Apps targeted at health and wellbeing sit in a rapidly growing industry associated with widespread optimism about their potential to deliver accessible and cost-effective healthcare. App developers might not be aware of all the regulatory requirements and best practice principles are emergent. Health apps are regulated in order to minimise their potential for harm due to, for example, loss of personal health privacy, financial costs, and health harms from delayed or unnecessary diagnosis, monitoring and treatment. We aimed to produce a comprehensive guide to assist app developers in producing health apps that are legally compliant and in keeping with high professional standards of user protection. We conducted a case study analysis of the Australian and related international policy environment for mental health apps to identify relevant sectors, policy actors, and policy solutions. We identified 29 policies produced by governments and non-government organisations that provide oversight of health apps. In consultation with stakeholders, we developed an interactive tool targeted at app developers, summarising key features of the policy environment and highlighting legislative, industry and professional standards around seven relevant domains: privacy, security, content, promotion and advertising, consumer finances, medical device efficacy and safety, and professional ethics. We annotated this developer guidance tool with information about: the relevance of each domain; existing legislative and non-legislative guidance; critiques of existing policy; recommendations for developers; and suggestions for other key stakeholders. We anticipate that mental health apps developed in accordance with this tool will be more likely to conform to regulatory requirements, protect consumer privacy, protect consumer finances, and deliver health benefit; and less likely to attract regulatory penalties, offend consumers and communities, mislead consumers, or deliver health harms. We

What's that, you say? Employee expectations of privacy when using employer-provided technology--and how employers can defeat them.

PubMed

Herrin, Barry S

2012-01-01

Two 2010 court cases that determined the effectiveness of policies governing employees' use of employer-provided communication devices can be used to guide employers when constructing their own technology policies. In light of a policy that stated that "users should have no expectation of privacy or confidentiality," one case established that the employer was in the right. However, a separate case favored the employee due, in part, to an "unclear and ambiguous" policy. Ultimately, employers can restrict the use of employer-furnished technology by employees by: 1) clearly outlining that employees do not have a reasonable expectation of privacy in their use of company devices; 2) stating that any use of personal e-mail accounts using employer-provided technology will be subject to the policy; 3) detailing all technology used to monitor employees; 4) identifying company devices covered; 5) not exposing the content of employee communications; and 6) having employees sign and acknowledge the policy.

Government-Industry Data Exchange Program (GIDEP) and NASA Advisories

NASA Technical Reports Server (NTRS)

Sampson, Michael J.

2010-01-01

This viewgraph presentation reviews the Government-Industry Data Exchange Program (GIDEP) and NASA Advisories policy to practice. The contents include: 1) Purpose of the Government-Industry Data Exchange Program (GIDEP); 2) NASA and GSFC Documentation; 3) NASA Advisories, differences from GIDEP; 4) GIDEP Distribution by Originator; 5) New Interim GIDEP Policy for Suspect Counterfeits; 6) NASA and Suspect Counterfeits; 7) Threats to GIDEP; and 8) Conclusions and Contact Information.

Protecting Children's Online Privacy.

ERIC Educational Resources Information Center

Kresses, Mamie

2001-01-01

Discuss provisions of new federal Children's Online Privacy Protection Act that principals should know to protect student privacy on the Internet. Also discusses relevant provisions of the Family Educational Rights and Privacy Act. (PKP)

Space Life Sciences at NASA: Spaceflight Health Policy and Standards

NASA Technical Reports Server (NTRS)

Davis, Jeffrey R.; House, Nancy G.

2006-01-01

In January 2005, the President proposed a new initiative, the Vision for Space Exploration. To accomplish the goals within the vision for space exploration, physicians and researchers at Johnson Space Center are establishing spaceflight health standards. These standards include fitness for duty criteria (FFD), permissible exposure limits (PELs), and permissible outcome limits (POLs). POLs delineate an acceptable maximum decrement or change in a physiological or behavioral parameter, as the result of exposure to the space environment. For example cardiovascular fitness for duty standards might be a measurable clinical parameter minimum that allows successful performance of all required duties. An example of a permissible exposure limit for radiation might be the quantifiable limit of exposure over a given length of time (e.g. life time radiation exposure). An example of a permissible outcome limit might be the length of microgravity exposure that would minimize bone loss. The purpose of spaceflight health standards is to promote operational and vehicle design requirements, aid in medical decision making during space missions, and guide the development of countermeasures. Standards will be based on scientific and clinical evidence including research findings, lessons learned from previous space missions, studies conducted in space analog environments, current standards of medical practices, risk management data, and expert recommendations. To focus the research community on the needs for exploration missions, NASA has developed the Bioastronautics Roadmap. The Bioastronautics Roadmap, NASA's approach to identification of risks to human space flight, revised baseline was released in February 2005. This document was reviewed by the Institute of Medicine in November 2004 and the final report was received in October 2005. The roadmap defines the most important research and operational needs that will be used to set policy, standards (define acceptable risk), and

14 CFR 1212.101 - Definitions.

Code of Federal Regulations, 2013 CFR

2013-01-01

... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Basic Policy... not limited to, education, financial transactions, medical history, and criminal or employment history... term system manager means the NASA official who is responsible for a system of records as designated in...

14 CFR 1212.101 - Definitions.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Basic Policy... not limited to, education, financial transactions, medical history, and criminal or employment history... term system manager means the NASA official who is responsible for a system of records as designated in...

14 CFR 1212.101 - Definitions.

Code of Federal Regulations, 2012 CFR

2012-01-01

... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Basic Policy... not limited to, education, financial transactions, medical history, and criminal or employment history... term system manager means the NASA official who is responsible for a system of records as designated in...

HIPAA privacy rules and compliance with federal and state employment laws: the participant authorization form.

PubMed

Brislin, Joseph A

2003-03-01

Although HIPAA privacy rules do not apply directly to employers or to employment records, they do apply indirectly to employers because employer-sponsored group health plans and all health care providers are covered. HIPAA privacy regulations overlap with federal and state employment laws, and liabilities for breach of confidentiality can be substantial. Employers can use a participant's authorization form to comply with employment laws and company policies. Sample authorization forms are provided at the end of this article.

Context-Aware Generative Adversarial Privacy

NASA Astrophysics Data System (ADS)

Huang, Chong; Kairouz, Peter; Chen, Xiao; Sankar, Lalitha; Rajagopal, Ram

2017-12-01

Preserving the utility of published datasets while simultaneously providing provable privacy guarantees is a well-known challenge. On the one hand, context-free privacy solutions, such as differential privacy, provide strong privacy guarantees, but often lead to a significant reduction in utility. On the other hand, context-aware privacy solutions, such as information theoretic privacy, achieve an improved privacy-utility tradeoff, but assume that the data holder has access to dataset statistics. We circumvent these limitations by introducing a novel context-aware privacy framework called generative adversarial privacy (GAP). GAP leverages recent advancements in generative adversarial networks (GANs) to allow the data holder to learn privatization schemes from the dataset itself. Under GAP, learning the privacy mechanism is formulated as a constrained minimax game between two players: a privatizer that sanitizes the dataset in a way that limits the risk of inference attacks on the individuals' private variables, and an adversary that tries to infer the private variables from the sanitized dataset. To evaluate GAP's performance, we investigate two simple (yet canonical) statistical dataset models: (a) the binary data model, and (b) the binary Gaussian mixture model. For both models, we derive game-theoretically optimal minimax privacy mechanisms, and show that the privacy mechanisms learned from data (in a generative adversarial fashion) match the theoretically optimal ones. This demonstrates that our framework can be easily applied in practice, even in the absence of dataset statistics.

The Health Insurance Portability and Accountability Act: security and privacy requirements.

PubMed

Tribble, D A

2001-05-01

The security and privacy requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and their implications for pharmacy are discussed. HIPAA was enacted to improve the portability of health care insurance for persons leaving jobs. A section of the act encourages the use of electronic communications for health care claims adjudication, mandates the use of new standard code sets and transaction sets, and establishes the need for regulations to protect the security and privacy of individually identifiable health care information. Creating these regulations became the task of the Department of Health and Human Services. Regulations on security have been published for comment. Regulations on privacy and the definition of standard transaction sets and code sets are complete. National identifiers for patients, providers, and payers have not yet been established. The HIPAA regulations on security and privacy will require that pharmacies adopt policies and procedures that limit access to health care information. Existing pharmacy information systems may require upgrading or replacement. Costs of implementation nationwide are estimated to exceed $8 billion. The health care community has two years from the finalization of each regulation to comply with that regulation. The security and privacy requirements of HIPAA will require pharmacies to review their practices regarding the storage, use, and disclosure of protected health care information.

Protecting genetic privacy.

PubMed

Roche, P A; Annas, G J

2001-05-01

This article outlines the arguments for and against new rules to protect genetic privacy. We explain why genetic information is different to other sensitive medical information, why researchers and biotechnology companies have opposed new rules to protect genetic privacy (and favour anti-discrimination laws instead), and discuss what can be done to protect privacy in relation to genetic-sequence information and to DNA samples themselves.

STS pricing policy

NASA Technical Reports Server (NTRS)

Lee, C. M.; Stone, B.

1982-01-01

In 1977 NASA published Shuttle Reimbursement Policies for Civil U.S. Government, DOD and Commercial and Foreign Users. These policies were based on the principle of total cost recovery over a period of time with a fixed flat price for initial period to time to enhance transition. This fixed period was to be followed with annual adjustments thereafter, NASA is establishing a new price for 1986 and beyond. In order to recover costs, that price must be higher than the initial fixed price through FY 1985. NASA intends to remain competitive. Competitive posture includes not only price, but other factors such as assured launch, reliability, and unique services. NASA's pricing policy considers all these factors.

Disentangling privacy from property: toward a deeper understanding of genetic privacy.

PubMed

Suter, Sonia M

2004-04-01

With the mapping of the human genome, genetic privacy has become a concern to many. People care about genetic privacy because genes play an important role in shaping us--our genetic information is about us, and it is deeply connected to our sense of ourselves. In addition, unwanted disclosure of our genetic information, like a great deal of other personal information, makes us vulnerable to unwanted exposure, stigmatization, and discrimination. One recent approach to protecting genetic privacy is to create property rights in genetic information. This Article argues against that approach. Privacy and property are fundamentally different concepts. At heart, the term "property" connotes control within the marketplace and over something that is disaggregated or alienable from the self. "Privacy," in contrast, connotes control over access to the self as well as things close to, intimately connected to, and about the self. Given these different meanings, a regime of property rights in genetic information would impoverish our understanding of that information, ourselves, and the relationships we hope will be built around and through its disclosure. This Article explores our interests in genetic information in order to deepen our understanding of the ongoing discourse about the distinction between property and privacy. It develops a conception of genetic privacy with a strong relational component. We ordinarily share genetic information in the context of relationships in which disclosure is important to the relationship--family, intimate, doctor-patient, researcher-participant, employer-employee, and insurer-insured relationships. Such disclosure makes us vulnerable to and dependent on the person to whom we disclose it. As a result, trust is essential to the integrity of these relationships and our sharing of genetic information. Genetic privacy can protect our vulnerability in these relationships and enhance the trust we hope to have in them. Property, in contrast, by

Policymaking to preserve privacy in disclosure of public health data: a suggested framework.

PubMed

Mizani, Mehrdad A; Baykal, Nazife

2015-03-01

Health organisations in Turkey gather a vast amount of valuable individual data that can be used for public health purposes. The organisations use rigid methods to remove some useful details from the data while publishing the rest of the data in a highly aggregated form, mostly because of privacy concerns and lack of standardised policies. This action leads to information loss and bias affecting public health research. Hence, organisations need dynamic policies and well-defined procedures rather than a specific algorithm to protect the privacy of individual data. To address this need, we developed a framework for the systematic application of anonymity methods while reducing and objectively reporting the information loss without leaking confidentiality. This framework acts as a roadmap for policymaking by providing high-level pseudo-policies with semitechnical guidelines in addition to some sample scenarios suitable for policymakers, public health programme managers and legislators. Published by the BMJ Publishing Group Limited. For permission to use (where not already granted under a licence) please go to http://group.bmj.com/group/rights-licensing/permissions.

Privacy-Enhanced and Multifunctional Health Data Aggregation under Differential Privacy Guarantees.

PubMed

Ren, Hao; Li, Hongwei; Liang, Xiaohui; He, Shibo; Dai, Yuanshun; Zhao, Lian

2016-09-10

With the rapid growth of the health data scale, the limited storage and computation resources of wireless body area sensor networks (WBANs) is becoming a barrier to their development. Therefore, outsourcing the encrypted health data to the cloud has been an appealing strategy. However, date aggregation will become difficult. Some recently-proposed schemes try to address this problem. However, there are still some functions and privacy issues that are not discussed. In this paper, we propose a privacy-enhanced and multifunctional health data aggregation scheme (PMHA-DP) under differential privacy. Specifically, we achieve a new aggregation function, weighted average (WAAS), and design a privacy-enhanced aggregation scheme (PAAS) to protect the aggregated data from cloud servers. Besides, a histogram aggregation scheme with high accuracy is proposed. PMHA-DP supports fault tolerance while preserving data privacy. The performance evaluation shows that the proposal leads to less communication overhead than the existing one.

14 CFR 1214.303 - Policy.

Code of Federal Regulations, 2011 CFR

2011-01-01

... change in the U.S. outlook and policies with respect to the flight of other than NASA astronauts. NASA.... (2) NASA policies and their implementation recognize that: (i) Every flight of the Shuttle involves... orbit by the Space Shuttle. (3) All Shuttle flights will be planned with a minimum NASA crew of five...

14 CFR 1214.303 - Policy.

Code of Federal Regulations, 2013 CFR

2013-01-01

... change in the U.S. outlook and policies with respect to the flight of other than NASA astronauts. NASA.... (2) NASA policies and their implementation recognize that: (i) Every flight of the Shuttle involves... orbit by the Space Shuttle. (3) All Shuttle flights will be planned with a minimum NASA crew of five...

14 CFR 1214.303 - Policy.

Code of Federal Regulations, 2012 CFR

2012-01-01

... change in the U.S. outlook and policies with respect to the flight of other than NASA astronauts. NASA.... (2) NASA policies and their implementation recognize that: (i) Every flight of the Shuttle involves... orbit by the Space Shuttle. (3) All Shuttle flights will be planned with a minimum NASA crew of five...

14 CFR 1214.303 - Policy.

Code of Federal Regulations, 2010 CFR

2010-01-01

... change in the U.S. outlook and policies with respect to the flight of other than NASA astronauts. NASA.... (2) NASA policies and their implementation recognize that: (i) Every flight of the Shuttle involves... orbit by the Space Shuttle. (3) All Shuttle flights will be planned with a minimum NASA crew of five...

Gender and online privacy among teens: risk perception, privacy concerns, and protection behaviors.

PubMed

Youn, Seounmi; Hall, Kimberly

2008-12-01

Survey data from 395 high school students revealed that girls perceive more privacy risks and have a higher level of privacy concerns than boys. Regarding privacy protection behaviors, boys tended to read unsolicited e-mail and register for Web sites while directly sending complaints in response to unsolicited e-mail. This study found girls to provide inaccurate information as their privacy concerns increased. Boys, however, refrained from registering to Web sites as their concerns increased.

Privacy, confidentiality, and electronic medical records.

PubMed Central

Barrows, R C; Clayton, P D

1996-01-01

The enhanced availability of health information in an electronic format is strategic for industry-wide efforts to improve the quality and reduce the cost of health care, yet it brings a concomitant concern of greater risk for loss of privacy among health care participants. The authors review the conflicting goals of accessibility and security for electronic medical records and discuss nontechnical and technical aspects that constitute a reasonable security solution. It is argued that with guiding policy and current technology, an electronic medical record may offer better security than a traditional paper record. PMID:8653450

Privacy-Enhanced and Multifunctional Health Data Aggregation under Differential Privacy Guarantees

PubMed Central

Ren, Hao; Li, Hongwei; Liang, Xiaohui; He, Shibo; Dai, Yuanshun; Zhao, Lian

2016-01-01

With the rapid growth of the health data scale, the limited storage and computation resources of wireless body area sensor networks (WBANs) is becoming a barrier to their development. Therefore, outsourcing the encrypted health data to the cloud has been an appealing strategy. However, date aggregation will become difficult. Some recently-proposed schemes try to address this problem. However, there are still some functions and privacy issues that are not discussed. In this paper, we propose a privacy-enhanced and multifunctional health data aggregation scheme (PMHA-DP) under differential privacy. Specifically, we achieve a new aggregation function, weighted average (WAAS), and design a privacy-enhanced aggregation scheme (PAAS) to protect the aggregated data from cloud servers. Besides, a histogram aggregation scheme with high accuracy is proposed. PMHA-DP supports fault tolerance while preserving data privacy. The performance evaluation shows that the proposal leads to less communication overhead than the existing one. PMID:27626417

Using the Personal Health Train for Automated and Privacy-Preserving Analytics on Vertically Partitioned Data.

PubMed

van Soest, Johan; Sun, Chang; Mussmann, Ole; Puts, Marco; van den Berg, Bob; Malic, Alexander; van Oppen, Claudia; Towend, David; Dekker, Andre; Dumontier, Michel

2018-01-01

Conventional data mining algorithms are unable to satisfy the current requirements on analyzing big data in some fields such as medicine, policy making, judicial, and tax records. However, applying diverse datasets from different institutes (both healthcare and non-healthcare related) can enrich information and insights. So far, analyzing this data in an automated, privacy-preserving manner does not exist to our knowledge. In this work, we propose an infrastructure, and proof-of-concept for privacy-preserving analytics on vertically partitioned data.

48 CFR 39.105 - Privacy.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 1 2012-10-01 2012-10-01 false Privacy. 39.105 Section 39... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 39.105 Privacy. Agencies shall ensure that contracts for information technology address protection of privacy in accordance with the Privacy Act (5 U.S.C...

48 CFR 39.105 - Privacy.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 1 2014-10-01 2014-10-01 false Privacy. 39.105 Section 39... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 39.105 Privacy. Agencies shall ensure that contracts for information technology address protection of privacy in accordance with the Privacy Act (5 U.S.C...

48 CFR 39.105 - Privacy.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 1 2011-10-01 2011-10-01 false Privacy. 39.105 Section 39... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 39.105 Privacy. Agencies shall ensure that contracts for information technology address protection of privacy in accordance with the Privacy Act (5 U.S.C...

48 CFR 39.105 - Privacy.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 1 2013-10-01 2013-10-01 false Privacy. 39.105 Section 39... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 39.105 Privacy. Agencies shall ensure that contracts for information technology address protection of privacy in accordance with the Privacy Act (5 U.S.C...

[The Comparison of the Difference Between the Emphasis on and the Receipt of Patient Privacy in the Hospital Setting].

PubMed

Li, Chiu-Kuel; Lin, Chiou-Fen

2015-10-01

Privacy is a unique privilege for humans. Enhancing the balance between the importance given to patient privacy and the receipt of this privacy by patients is one key approach to improving the relationship between patients and the hospital. This study compared the difference between the importance of patient privacy and receipt of this privacy by patients as a reference for future patient privacy policy planning. This study was a cross-sectional design. We randomly sampled three hospitals in northern Taiwan and investigated patients using a questionnaire. The questionnaire was self-designed and verified for reliability and validity. We used frequency and percentage to describe demographic data and used a t-test to compare the deviation between the emphasis on and receipt of patient privacy. There were 296 valid samples in this study and the effective rate was 84.57%. The highest degree of importance was information privacy and the lowest was physical privacy. Physical privacy (t = 3.04, p < .001) and mental privacy (t = 2.42, p < .01) exhibited significant differences between emphasis and receipt. Demographic data on gender, age, education level, marital status, and occupation. Type of hospital and ward level correlated with the emphasis and receipt of privacy. The importance of privacy for physical and mental wellbeing was higher than the actual receipt of this privacy among the patient sample. The importance of privacy for married individuals and young women with high education levels was higher, while males and less-educated individuals scored lower in terms of privacy receipt. Medical agencies must provide higher levels of physical and mental privacy in order to enhance patient satisfaction.

Privacy is an essentially contested concept: a multi-dimensional analytic for mapping privacy

PubMed Central

Koopman, Colin; Doty, Nick

2016-01-01

The meaning of privacy has been much disputed throughout its history in response to wave after wave of new technological capabilities and social configurations. The current round of disputes over privacy fuelled by data science has been a cause of despair for many commentators and a death knell for privacy itself for others. We argue that privacy’s disputes are neither an accidental feature of the concept nor a lamentable condition of its applicability. Privacy is essentially contested. Because it is, privacy is transformable according to changing technological and social conditions. To make productive use of privacy’s essential contestability, we argue for a new approach to privacy research and practical design, focused on the development of conceptual analytics that facilitate dissecting privacy’s multiple uses across multiple contexts. This article is part of the themed issue ‘The ethical impact of data science’. PMID:28336797

Privacy-Preserving Location-Based Service Scheme for Mobile Sensing Data.

PubMed

Xie, Qingqing; Wang, Liangmin

2016-11-25

With the wide use of mobile sensing application, more and more location-embedded data are collected and stored in mobile clouds, such as iCloud, Samsung cloud, etc. Using these data, the cloud service provider (CSP) can provide location-based service (LBS) for users. However, the mobile cloud is untrustworthy. The privacy concerns force the sensitive locations to be stored on the mobile cloud in an encrypted form. However, this brings a great challenge to utilize these data to provide efficient LBS. To solve this problem, we propose a privacy-preserving LBS scheme for mobile sensing data, based on the RSA (for Rivest, Shamir and Adleman) algorithm and ciphertext policy attribute-based encryption (CP-ABE) scheme. The mobile cloud can perform location distance computing and comparison efficiently for authorized users, without location privacy leakage. In the end, theoretical security analysis and experimental evaluation demonstrate that our scheme is secure against the chosen plaintext attack (CPA) and efficient enough for practical applications in terms of user side computation overhead.

NASA metric transition plan

NASA Technical Reports Server (NTRS)

1992-01-01

NASA science publications have used the metric system of measurement since 1970. Although NASA has maintained a metric use policy since 1979, practical constraints have restricted actual use of metric units. In 1988, an amendment to the Metric Conversion Act of 1975 required the Federal Government to adopt the metric system except where impractical. In response to Public Law 100-418 and Executive Order 12770, NASA revised its metric use policy and developed this Metric Transition Plan. NASA's goal is to use the metric system for program development and functional support activities to the greatest practical extent by the end of 1995. The introduction of the metric system into new flight programs will determine the pace of the metric transition. Transition of institutional capabilities and support functions will be phased to enable use of the metric system in flight program development and operations. Externally oriented elements of this plan will introduce and actively support use of the metric system in education, public information, and small business programs. The plan also establishes a procedure for evaluating and approving waivers and exceptions to the required use of the metric system for new programs. Coordination with other Federal agencies and departments (through the Interagency Council on Metric Policy) and industry (directly and through professional societies and interest groups) will identify sources of external support and minimize duplication of effort.

Privacy and Library Records

ERIC Educational Resources Information Center

Bowers, Stacey L.

2006-01-01

This paper summarizes the history of privacy as it relates to library records. It commences with a discussion of how the concept of privacy first originated through case law and follows the concept of privacy as it has affected library records through current day and the "USA PATRIOT Act."

14 CFR 1215.112 - User/NASA contractual arrangement.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true User/NASA contractual arrangement. 1215.112... User/NASA contractual arrangement. (a) The NASA Administrator reserves the right to waive any portion of the reimbursement due to NASA under the provisions of the reimbursement policy. (b) When NASA has...

14 CFR 1215.112 - User/NASA contractual arrangement.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 14 Aeronautics and Space 5 2012-01-01 2012-01-01 false User/NASA contractual arrangement. 1215.112... User/NASA contractual arrangement. (a) The NASA Administrator reserves the right to waive any portion of the reimbursement due to NASA under the provisions of the reimbursement policy. (b) When NASA has...

14 CFR 1215.112 - User/NASA contractual arrangement.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false User/NASA contractual arrangement. 1215.112... User/NASA contractual arrangement. (a) The NASA Administrator reserves the right to waive any portion of the reimbursement due to NASA under the provisions of the reimbursement policy. (b) When NASA has...

Towards a privacy preserving cohort discovery framework for clinical research networks.

PubMed

Yuan, Jiawei; Malin, Bradley; Modave, François; Guo, Yi; Hogan, William R; Shenkman, Elizabeth; Bian, Jiang

2017-02-01

The last few years have witnessed an increasing number of clinical research networks (CRNs) focused on building large collections of data from electronic health records (EHRs), claims, and patient-reported outcomes (PROs). Many of these CRNs provide a service for the discovery of research cohorts with various health conditions, which is especially useful for rare diseases. Supporting patient privacy can enhance the scalability and efficiency of such processes; however, current practice mainly relies on policy, such as guidelines defined in the Health Insurance Portability and Accountability Act (HIPAA), which are insufficient for CRNs (e.g., HIPAA does not require encryption of data - which can mitigate insider threats). By combining policy with privacy enhancing technologies we can enhance the trustworthiness of CRNs. The goal of this research is to determine if searchable encryption can instill privacy in CRNs without sacrificing their usability. We developed a technique, implemented in working software to enable privacy-preserving cohort discovery (PPCD) services in large distributed CRNs based on elliptic curve cryptography (ECC). This technique also incorporates a block indexing strategy to improve the performance (in terms of computational running time) of PPCD. We evaluated the PPCD service with three real cohort definitions: (1) elderly cervical cancer patients who underwent radical hysterectomy, (2) oropharyngeal and tongue cancer patients who underwent robotic transoral surgery, and (3) female breast cancer patients who underwent mastectomy) with varied query complexity. These definitions were tested in an encrypted database of 7.1 million records derived from the publically available Healthcare Cost and Utilization Project (HCUP) Nationwide Inpatient Sample (NIS). We assessed the performance of the PPCD service in terms of (1) accuracy in cohort discovery, (2) computational running time, and (3) privacy afforded to the underlying records during PPCD. The

Challenges of Information Technology Security in the NASA Environment

NASA Technical Reports Server (NTRS)

Santiago, S. S.

2000-01-01

A brief description of the NASA organization and how the CIO responsibilities are integrated into that organization followed by an introduction of the NASA ITS Program goals and objectives. An overview of the four major enterprises' cultures and how those cultures tie back to the Enterprises' missions. A description of the ITS challenges that exist stemming from the competing NASA Enterprises' requirements and how they have formed the basis of the NASA ITS Program. A talk will focus on policies and procedures and the technology being incorporated into the NASA infrastructure and how that technology ties back to the policies and procedures.

Privacy and Data Protection in Japan.

ERIC Educational Resources Information Center

Srinivasan, Srinija

1992-01-01

Discussion of individual rights and privacy in Japan focuses on the Privacy Protection Act, which acknowledges the threat posed by government databases to the individual's right of privacy. Characteristics of the Japanese legal system are described, origins of privacy in Japanese law are examined, and privacy and government databases are…

Privacy and occupational health services

PubMed Central

Heikkinen, A; Launis, V; Wainwright, P; Leino‐Kilpi, H

2006-01-01

Privacy is a key ethical principle in occupational health services. Its importance is emphasised in several laws, in ethical codes of conduct as well as in the literature, yet there is only very limited empirical research on privacy in the occupational health context. Conceptual questions on privacy in the occupational health context are discussed. The baseline assumption is that, in this context, privacy cannot be approached and examined only from the employee's (an individual) vantage point but the employer's (a group) point of view must also be taken into account, and that the concept has several dimensions (physical, social, informational and psychological). Even though privacy is a basic human need, there is no universally accepted definition of the concept and no consensus on whether an organisation can have privacy in the same way as people do. Many of the challenges surrounding privacy in the context of occupational health seem to be associated with the dual loyalties of occupational health professionals towards the employee and employer and with their simultaneous duties of disseminating and protecting information (informational privacy). Privacy is thus not an absolute value, but more research is needed to understand its multidimensional nature in the context of occupational health. PMID:16943333

Mum's the Word: Feds Are Serious About Protecting Patients' Privacy.

PubMed

Conde, Crystal

2010-08-01

The Health Information Technology for Economic and Clinical Health (HITECH) Act significantly changes HIPAA privacy and security policies that affect physicians. Chief among the changes are the new breach notification regulations, developed by the U.S. Department of Health and Human Services Office for Civil Rights. The Texas Medical Association has developed resources to help physicians comply with the new HIPAA regulations.

Toward Privacy-preserving Content Access Control for Information Centric Networking

DTIC Science & Technology

2014-03-01

REPORT Toward Privacy-preserving Content Access Control for Information Centric Networking 14. ABSTRACT 16. SECURITY CLASSIFICATION OF: Information...regardless the security mechanisms provided by different content hosting servers. However, using ABE has a drawback that the enforced content access...Encryption (ABE) is a flexible approach to enforce the content access policies regardless the security mechanisms provided by different content hosting

Preempting genetic discrimination and assaults on privacy: report of a symposium.

PubMed

Shinaman, Aileen; Bain, Lisa J; Shoulson, Ira

2003-08-01

At a symposium in June, 2002, biomedical researchers, clinicians, legal experts, policymakers, and representatives of the insurance industry and the advocacy community gathered to address issues of genetic privacy and discrimination; and to identify research, legal, and policy gaps needing to be filled. They concluded that over the next decade, as more genetic information becomes available and the public becomes more aware of individual risks, concerns about privacy and discrimination will become increasingly important. Documented cases of genetic discrimination are rare and largely anecdotal, yet individuals with genetic conditions harbor significant fears about discrimination. Current laws enacted to protect individuals from workplace and insurance discrimination offer some measure of protection, but leave many unfilled gaps. Moreover, the use of genetic information in potentially discriminatory ways is not limited to employment and insurability. Existing laws do little to protect people seeking life, disability, or long-term care insurance. And the courts have used genetic information in a wide variety of cases including paternity, criminal, and tort (personal injury) cases. Genetic information that might jeopardize an individual's right to privacy may also be obtained in the course of research studies, including through the collection of DNA and tissue samples. The insurance industry, State and Federal agencies, and the advocacy community are all making efforts to address some of these gaps through legislation and education of clinicians, the public, and policy makers. Copyright 2003 Wiley-Liss, Inc.

48 CFR 1424.203 - Policy.

Code of Federal Regulations, 2011 CFR

2011-10-01

... PROTECTION OF PRIVACY AND FREEDOM OF INFORMATION Freedom of Information Act 1424.203 Policy. (a) The... restrictions on the disclosure and use of proposal data that certain data may be subject to disclosure under a...

48 CFR 1424.203 - Policy.

Code of Federal Regulations, 2014 CFR

2014-10-01

... PROTECTION OF PRIVACY AND FREEDOM OF INFORMATION Freedom of Information Act 1424.203 Policy. (a) The... restrictions on the disclosure and use of proposal data that certain data may be subject to disclosure under a...

48 CFR 1424.203 - Policy.

Code of Federal Regulations, 2010 CFR

2010-10-01

... PROTECTION OF PRIVACY AND FREEDOM OF INFORMATION Freedom of Information Act 1424.203 Policy. (a) The... restrictions on the disclosure and use of proposal data that certain data may be subject to disclosure under a...

NASA's P-3 at Sunrise

NASA Image and Video Library

2017-12-08

NASA's P-3B airborne laboratory on the ramp at Thule Air Base in Greenland early on the morning of Mar. 21, 2013. Credit: NASA/Goddard/Christy Hansen NASA's Operation IceBridge is an airborne science mission to study Earth's polar ice. For more information about IceBridge, visit: www.nasa.gov/icebridge NASA image use policy. NASA Goddard Space Flight Center enables NASA’s mission through four scientific endeavors: Earth Science, Heliophysics, Solar System Exploration, and Astrophysics. Goddard plays a leading role in NASA’s accomplishments by contributing compelling scientific knowledge to advance the Agency’s mission. Follow us on Twitter Like us on Facebook Find us on Instagram

Privacy information management for video surveillance

NASA Astrophysics Data System (ADS)

Luo, Ying; Cheung, Sen-ching S.

2013-05-01

The widespread deployment of surveillance cameras has raised serious privacy concerns. Many privacy-enhancing schemes have been proposed to automatically redact images of trusted individuals in the surveillance video. To identify these individuals for protection, the most reliable approach is to use biometric signals such as iris patterns as they are immutable and highly discriminative. In this paper, we propose a privacy data management system to be used in a privacy-aware video surveillance system. The privacy status of a subject is anonymously determined based on her iris pattern. For a trusted subject, the surveillance video is redacted and the original imagery is considered to be the privacy information. Our proposed system allows a subject to access her privacy information via the same biometric signal for privacy status determination. Two secure protocols, one for privacy information encryption and the other for privacy information retrieval are proposed. Error control coding is used to cope with the variability in iris patterns and efficient implementation is achieved using surrogate data records. Experimental results on a public iris biometric database demonstrate the validity of our framework.

Social Network Privacy: Overcoming Facebook Policies that put Users at Risk

DTIC Science & Technology

2011-01-01

risks. The Rise of Facebook Facebook is one of the largest web sites in the world. The site was started in 2004 by Mark Zucker- berg when he was...sites collect. Aggregation of Facebook Data Could a more sophisticated aggregation of Facebook data allow privacy to be exposed? Facebook CEO Mark ... Zuckerberg says he is providing “the power to share in or- der to make the world more open…” Facebook’s advanced search allows one to query the

NASA records retention schedules: Procedures governing the retention, retirement, and destruction of agency records

NASA Technical Reports Server (NTRS)

1994-01-01

This handbook sets forth the minimum retention periods of official records of NASA. Its provisions are applicable to NASA Headquarters and all field installations. This revised edition has been correlated to the 'NASA Uniform Files Index (UFI) (NHB 1442.1B), the General Records Schedules' produced by the National Archives and Records Administration (NARA), and has been enlarged in scope to cover Privacy Act Systems of Records and record series previously omitted. Guidance is provided in the areas of record retirement, transfer, and retrieval from Federal Record Centers (FRC) and disposal actions. Included are provisions for making changes to these schedules by addition of new items or revision of current items. The NASA Records Retention Schedules (NRRS) were approved for NASA use by NARA, the General Services Administration, and the General Accounting Office.

NASA Automatic Information Security Handbook

NASA Technical Reports Server (NTRS)

1993-01-01

This handbook details the Automated Information Security (AIS) management process for NASA. Automated information system security is becoming an increasingly important issue for all NASA managers and with rapid advancements in computer and network technologies and the demanding nature of space exploration and space research have made NASA increasingly dependent on automated systems to store, process, and transmit vast amounts of mission support information, hence the need for AIS systems and management. This handbook provides the consistent policies, procedures, and guidance to assure that an aggressive and effective AIS programs is developed, implemented, and sustained at all NASA organizations and NASA support contractors.

14 CFR § 1214.303 - Policy.

Code of Federal Regulations, 2014 CFR

2014-01-01

... change in the U.S. outlook and policies with respect to the flight of other than NASA astronauts. NASA.... (2) NASA policies and their implementation recognize that: (i) Every flight of the Shuttle involves... orbit by the Space Shuttle. (3) All Shuttle flights will be planned with a minimum NASA crew of five...

Privacy and Technology: Folk Definitions and Perspectives

PubMed Central

Kwasny, Michelle N.; Caine, Kelly E.; Rogers, Wendy A.; Fisk, Arthur D.

2017-01-01

In this paper we present preliminary results from a study of individual differences in privacy beliefs, as well as relate folk definitions of privacy to extant privacy theory. Focus groups were conducted with young adults aged 18–28 and older adults aged 65–75. Participants first shared their individual definitions of privacy, followed by a discussion of privacy in six scenarios chosen to represent a range of potentially invasive situations. Taken together, Westin’s and Altman’s theories of privacy accounted for both younger and older adults’ ideas about privacy, however, neither theory successfully accounted for findings across all age and gender groups. Whereas males tended to think of privacy in terms of personal needs and convenience, females focused more on privacy in terms of others, respecting privacy rights, and safety. Older adults tended to be more concerned about privacy of space rather than information privacy. Initial results reinforce the notion that targeting HCI design to the user population, even with respect to privacy, is critically important. PMID:29057397

Legal and ethical issues in neuroimaging research: human subjects protection, medical privacy, and the public communication of research results.

PubMed

Kulynych, Jennifer

2002-12-01

Humans subjects research entails significant legal and ethical obligations. Neuroimaging researchers must be familiar with the requirements of human subjects protection, including evolving standards for the protection of privacy and the disclosure of risk in "non-therapeutic" research. Techniques for creating veridical surface renderings from volumetric anatomical imaging data raise new privacy concerns, particularly under the federal medical privacy regulation. Additionally, neuroimaging researchers must consider their obligation to communicate research results responsibly. The emerging field of neuroethics should strive to raise awareness of these issues and to involve neuroimaging researchers in the legal, ethical, and policy debates that currently surround human subjects research.

Privacy, autonomy, and public policy: French and North American perspectives.

PubMed

Merchant, Jennifer

2016-12-01

This article raises the question of whether in both the United States and in France, an individual's autonomy and private decision-making right(s) in matters of health care and access to reproductive technologies can be conciliated with the general interest, and more specifically, the role of the State. Can a full-fledged right to privacy, the ability to exercise one's autonomy, exist alongside the general interest, and depend neither on financial resources like in the United States nor on centralised government decisions or the medical hierarchy like in France? The contrast between these two modern democracies justify the importance of comparing them. I will demonstrate that overlaps do exist: the free exercise of religion and opinion, freedom of expression, the inherent value of each individual. What differs, however, are the institutions and how they provide, protect, promote, or frame access to and expressions of these democratic principles. The impact of the global economy, the exposure of people around the world to each other via the internet, and the mirror effects of social media, blogs, and other such forums, have created new perspectives that countries project onto one another. For example, does France now seem to tout 'autonomy' as a new and important value because it appears to be an 'American success story'? Does the United States now seem to value human rights and a social-democratic approach because of the 'French model'? There seems to be some truth behind these assertions, but as this article will demonstrate, the portrayals of what the 'right to privacy' is in the United States and what 'socialised medicine' is in France are not necessarily fully accurate.

48 CFR 1804.470-2 - Policy.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 6 2014-10-01 2014-10-01 false Policy. 1804.470-2 Section... ADMINISTRATIVE MATTERS Safeguarding Classified Information Within Industry 1804.470-2 Policy. NASA IT security policies and procedures for unclassified information and IT are prescribed in NASA Policy Directive (NPD...

48 CFR 1804.470-2 - Policy.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 6 2012-10-01 2012-10-01 false Policy. 1804.470-2 Section... ADMINISTRATIVE MATTERS Safeguarding Classified Information Within Industry 1804.470-2 Policy. NASA IT security policies and procedures for unclassified information and IT are prescribed in NASA Policy Directive (NPD...

Nasa's Planetary Geologic Mapping Program: Overview

NASA Astrophysics Data System (ADS)

Williams, D. A.

2016-06-01

NASA's Planetary Science Division supports the geologic mapping of planetary surfaces through a distinct organizational structure and a series of research and analysis (R&A) funding programs. Cartography and geologic mapping issues for NASA's planetary science programs are overseen by the Mapping and Planetary Spatial Infrastructure Team (MAPSIT), which is an assessment group for cartography similar to the Mars Exploration Program Assessment Group (MEPAG) for Mars exploration. MAPSIT's Steering Committee includes specialists in geological mapping, who make up the Geologic Mapping Subcommittee (GEMS). I am the GEMS Chair, and with a group of 3-4 community mappers we advise the U.S. Geological Survey Planetary Geologic Mapping Coordinator (Dr. James Skinner) and develop policy and procedures to aid the planetary geologic mapping community. GEMS meets twice a year, at the Annual Lunar and Planetary Science Conference in March, and at the Annual Planetary Mappers' Meeting in June (attendance is required by all NASA-funded geologic mappers). Funding programs under NASA's current R&A structure to propose geological mapping projects include Mars Data Analysis (Mars), Lunar Data Analysis (Moon), Discovery Data Analysis (Mercury, Vesta, Ceres), Cassini Data Analysis (Saturn moons), Solar System Workings (Venus or Jupiter moons), and the Planetary Data Archiving, Restoration, and Tools (PDART) program. Current NASA policy requires all funded geologic mapping projects to be done digitally using Geographic Information Systems (GIS) software. In this presentation we will discuss details on how geologic mapping is done consistent with current NASA policy and USGS guidelines.

48 CFR 1804.470-2 - Policy.

Code of Federal Regulations, 2010 CFR

2010-10-01

... ADMINISTRATIVE MATTERS Safeguarding Classified Information Within Industry 1804.470-2 Policy. NASA IT security...) 2810, Security of Information Technology; NASA Procedural Requirements (NPR) 2810, Security of Information Technology; and interim policy updates in the form of NASA Information Technology Requirements...

Privacy Act Statement

EPA Pesticide Factsheets

Any information you provide to the Environmental Protection Agency’s (EPA) Suspension and Debarment Program will be governed by the Privacy Act and will be included in the EPA Debarment and Suspension Files, a Privacy Act system of records.

48 CFR 1845.405-70 - NASA procedures.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true NASA procedures. 1845.405-70 Section 1845.405-70 Federal Acquisition Regulations System NATIONAL AERONAUTICS AND SPACE...-70 NASA procedures. (a) NASA policy is to recover a fair share of the cost of Government production...

48 CFR 39.101 - Policy.

Code of Federal Regulations, 2012 CFR

2012-10-01

..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...

48 CFR 39.101 - Policy.

Code of Federal Regulations, 2014 CFR

2014-10-01

..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...

48 CFR 39.101 - Policy.

Code of Federal Regulations, 2013 CFR

2013-10-01

..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...

48 CFR 39.101 - Policy.

Code of Federal Regulations, 2011 CFR

2011-10-01

..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...

Partitioning-based mechanisms under personalized differential privacy.

PubMed

Li, Haoran; Xiong, Li; Ji, Zhanglong; Jiang, Xiaoqian

2017-05-01

Differential privacy has recently emerged in private statistical aggregate analysis as one of the strongest privacy guarantees. A limitation of the model is that it provides the same privacy protection for all individuals in the database. However, it is common that data owners may have different privacy preferences for their data. Consequently, a global differential privacy parameter may provide excessive privacy protection for some users, while insufficient for others. In this paper, we propose two partitioning-based mechanisms, privacy-aware and utility-based partitioning, to handle personalized differential privacy parameters for each individual in a dataset while maximizing utility of the differentially private computation. The privacy-aware partitioning is to minimize the privacy budget waste, while utility-based partitioning is to maximize the utility for a given aggregate analysis. We also develop a t -round partitioning to take full advantage of remaining privacy budgets. Extensive experiments using real datasets show the effectiveness of our partitioning mechanisms.

Partitioning-based mechanisms under personalized differential privacy

PubMed Central

Li, Haoran; Xiong, Li; Ji, Zhanglong; Jiang, Xiaoqian

2017-01-01

Differential privacy has recently emerged in private statistical aggregate analysis as one of the strongest privacy guarantees. A limitation of the model is that it provides the same privacy protection for all individuals in the database. However, it is common that data owners may have different privacy preferences for their data. Consequently, a global differential privacy parameter may provide excessive privacy protection for some users, while insufficient for others. In this paper, we propose two partitioning-based mechanisms, privacy-aware and utility-based partitioning, to handle personalized differential privacy parameters for each individual in a dataset while maximizing utility of the differentially private computation. The privacy-aware partitioning is to minimize the privacy budget waste, while utility-based partitioning is to maximize the utility for a given aggregate analysis. We also develop a t-round partitioning to take full advantage of remaining privacy budgets. Extensive experiments using real datasets show the effectiveness of our partitioning mechanisms. PMID:28932827

Analyzing privacy requirements: A case study of healthcare in Saudi Arabia.

PubMed

Ebad, Shouki A; Jaha, Emad S; Al-Qadhi, Mohammed A

2016-01-01

Developing legally compliant systems is a challenging software engineering problem, especially in systems that are governed by law, such as healthcare information systems. This challenge comes from the ambiguities and domain-specific definitions that are found in governmental rules. Therefore, there is a significant business need to automatically analyze privacy texts, extract rules and subsequently enforce them throughout the supply chain. The existing works that analyze health regulations use the U.S. Health Insurance Portability and Accountability Act as a case study. In this article, we applied the Breaux and Antón approach to the text of the Saudi Arabian healthcare privacy regulations; in Saudi Arabia, privacy is among the top dilemmas for public and private healthcare practitioners. As a result, we extracted and analyzed 2 rights, 4 obligations, 22 constraints, and 6 rules. Our analysis can assist requirements engineers, standards organizations, compliance officers and stakeholders by ensuring that their systems conform to Saudi policy. In addition, this article discusses the threats to the study validity and suggests open problems for future research.

Privacy-Preserving Location-Based Service Scheme for Mobile Sensing Data †

PubMed Central

Xie, Qingqing; Wang, Liangmin

2016-01-01

With the wide use of mobile sensing application, more and more location-embedded data are collected and stored in mobile clouds, such as iCloud, Samsung cloud, etc. Using these data, the cloud service provider (CSP) can provide location-based service (LBS) for users. However, the mobile cloud is untrustworthy. The privacy concerns force the sensitive locations to be stored on the mobile cloud in an encrypted form. However, this brings a great challenge to utilize these data to provide efficient LBS. To solve this problem, we propose a privacy-preserving LBS scheme for mobile sensing data, based on the RSA (for Rivest, Shamir and Adleman) algorithm and ciphertext policy attribute-based encryption (CP-ABE) scheme. The mobile cloud can perform location distance computing and comparison efficiently for authorized users, without location privacy leakage. In the end, theoretical security analysis and experimental evaluation demonstrate that our scheme is secure against the chosen plaintext attack (CPA) and efficient enough for practical applications in terms of user side computation overhead. PMID:27897984

Location Privacy in RFID Applications

NASA Astrophysics Data System (ADS)

Sadeghi, Ahmad-Reza; Visconti, Ivan; Wachsmann, Christian

RFID-enabled systems allow fully automatic wireless identification of objects and are rapidly becoming a pervasive technology with various applications. However, despite their benefits, RFID-based systems also pose challenging risks, in particular concerning user privacy. Indeed, improvident use of RFID can disclose sensitive information about users and their locations allowing detailed user profiles. Hence, it is crucial to identify and to enforce appropriate security and privacy requirements of RFID applications (that are also compliant to legislation). This chapter first discusses security and privacy requirements for RFID-enabled systems, focusing in particular on location privacy issues. Then it explores the advances in RFID applications, stressing the security and privacy shortcomings of existing proposals. Finally, it presents new promising directions for privacy-preserving RFID systems, where as a case study we focus electronic tickets (e-tickets) for public transportation.

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II.

PubMed

Watzlaf, Valerie J M; Moeini, Sohrab; Matusow, Laura; Firouzan, Patti

2011-01-01

In a previous publication the authors developed a privacy and security checklist to evaluate Voice over Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy. In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR. Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR.

Ethics and Privacy.

ERIC Educational Resources Information Center

Brewer, Erin; Eastmond, Nick; Geertsen, Reed; Johnson, Doug; Lewandowski, Judith; Yeaman, Andrew R. J.

2003-01-01

Contains four articles covering trends and issues on ethics and privacy in instructional technology, including: considerations for assessing ethical issues; what schools must do to develop ethical behaviors in students; a privacy primer for educators; and manufacturing technophopia. Each article contains references. (MES)

Evaluating the privacy properties of telephone metadata.

PubMed

Mayer, Jonathan; Mutchler, Patrick; Mitchell, John C

2016-05-17

Since 2013, a stream of disclosures has prompted reconsideration of surveillance law and policy. One of the most controversial principles, both in the United States and abroad, is that communications metadata receives substantially less protection than communications content. Several nations currently collect telephone metadata in bulk, including on their own citizens. In this paper, we attempt to shed light on the privacy properties of telephone metadata. Using a crowdsourcing methodology, we demonstrate that telephone metadata is densely interconnected, can trivially be reidentified, and can be used to draw sensitive inferences.

Evaluating the privacy properties of telephone metadata

PubMed Central

Mayer, Jonathan; Mutchler, Patrick; Mitchell, John C.

2016-01-01

Since 2013, a stream of disclosures has prompted reconsideration of surveillance law and policy. One of the most controversial principles, both in the United States and abroad, is that communications metadata receives substantially less protection than communications content. Several nations currently collect telephone metadata in bulk, including on their own citizens. In this paper, we attempt to shed light on the privacy properties of telephone metadata. Using a crowdsourcing methodology, we demonstrate that telephone metadata is densely interconnected, can trivially be reidentified, and can be used to draw sensitive inferences. PMID:27185922

78 FR 18932 - Public Meeting: Unmanned Aircraft Systems Test Site Program; Privacy Approach

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-28

... operation of the UAS Test Sites. They are not intended to pre-determine the long- term policy and regulatory...-0061] Public Meeting: Unmanned Aircraft Systems Test Site Program; Privacy Approach AGENCY: Federal... the unmanned aircraft systems (UAS) test site program. The FAA is seeking the views from the public...

Quantifying Differential Privacy under Temporal Correlations

PubMed Central

Cao, Yang; Yoshikawa, Masatoshi; Xiao, Yonghui; Xiong, Li

2017-01-01

Differential Privacy (DP) has received increasing attention as a rigorous privacy framework. Many existing studies employ traditional DP mechanisms (e.g., the Laplace mechanism) as primitives, which assume that the data are independent, or that adversaries do not have knowledge of the data correlations. However, continuous generated data in the real world tend to be temporally correlated, and such correlations can be acquired by adversaries. In this paper, we investigate the potential privacy loss of a traditional DP mechanism under temporal correlations in the context of continuous data release. First, we model the temporal correlations using Markov model and analyze the privacy leakage of a DP mechanism when adversaries have knowledge of such temporal correlations. Our analysis reveals that the privacy loss of a DP mechanism may accumulate and increase over time. We call it temporal privacy leakage. Second, to measure such privacy loss, we design an efficient algorithm for calculating it in polynomial time. Although the temporal privacy leakage may increase over time, we also show that its supremum may exist in some cases. Third, to bound the privacy loss, we propose mechanisms that convert any existing DP mechanism into one against temporal privacy leakage. Experiments with synthetic data confirm that our approach is efficient and effective. PMID:28883711

Quantifying Differential Privacy under Temporal Correlations.

PubMed

Cao, Yang; Yoshikawa, Masatoshi; Xiao, Yonghui; Xiong, Li

2017-04-01

Differential Privacy (DP) has received increasing attention as a rigorous privacy framework. Many existing studies employ traditional DP mechanisms (e.g., the Laplace mechanism) as primitives, which assume that the data are independent, or that adversaries do not have knowledge of the data correlations. However, continuous generated data in the real world tend to be temporally correlated, and such correlations can be acquired by adversaries. In this paper, we investigate the potential privacy loss of a traditional DP mechanism under temporal correlations in the context of continuous data release. First, we model the temporal correlations using Markov model and analyze the privacy leakage of a DP mechanism when adversaries have knowledge of such temporal correlations. Our analysis reveals that the privacy loss of a DP mechanism may accumulate and increase over time . We call it temporal privacy leakage . Second, to measure such privacy loss, we design an efficient algorithm for calculating it in polynomial time. Although the temporal privacy leakage may increase over time, we also show that its supremum may exist in some cases. Third, to bound the privacy loss, we propose mechanisms that convert any existing DP mechanism into one against temporal privacy leakage. Experiments with synthetic data confirm that our approach is efficient and effective.

NASA Future Forum

NASA Image and Video Library

2012-02-21

Dr. Caroline Wagner, associate professor, Ambassador Milton A. and Roslyn Z. Wolf Chair in International Affairs, and Director, Battelle Center for Science and Technology Policy, The Ohio State University moderates the NASA Future Forum panel titled "Shifting Roles for Public, Private, and International Players in Space" at The Ohio State University on Tuesday, Feb. 21, 2012 in Columbus, Ohio. The NASA Future Forum features panel discussions on the importance of education to our nation's future in space, the benefit of commercialized space technology to our economy and lives here on Earth, and the shifting roles for the public, commercial and international communities in space. Photo Credit: (NASA/Bill Ingalls)

A standardised graphic method for describing data privacy frameworks in primary care research using a flexible zone model.

PubMed

Kuchinke, Wolfgang; Ohmann, Christian; Verheij, Robert A; van Veen, Evert-Ben; Arvanitis, Theodoros N; Taweel, Adel; Delaney, Brendan C

2014-12-01

To develop a model describing core concepts and principles of data flow, data privacy and confidentiality, in a simple and flexible way, using concise process descriptions and a diagrammatic notation applied to research workflow processes. The model should help to generate robust data privacy frameworks for research done with patient data. Based on an exploration of EU legal requirements for data protection and privacy, data access policies, and existing privacy frameworks of research projects, basic concepts and common processes were extracted, described and incorporated into a model with a formal graphical representation and a standardised notation. The Unified Modelling Language (UML) notation was enriched by workflow and own symbols to enable the representation of extended data flow requirements, data privacy and data security requirements, privacy enhancing techniques (PET) and to allow privacy threat analysis for research scenarios. Our model is built upon the concept of three privacy zones (Care Zone, Non-care Zone and Research Zone) containing databases, data transformation operators, such as data linkers and privacy filters. Using these model components, a risk gradient for moving data from a zone of high risk for patient identification to a zone of low risk can be described. The model was applied to the analysis of data flows in several general clinical research use cases and two research scenarios from the TRANSFoRm project (e.g., finding patients for clinical research and linkage of databases). The model was validated by representing research done with the NIVEL Primary Care Database in the Netherlands. The model allows analysis of data privacy and confidentiality issues for research with patient data in a structured way and provides a framework to specify a privacy compliant data flow, to communicate privacy requirements and to identify weak points for an adequate implementation of data privacy. Copyright © 2014 Elsevier Ireland Ltd. All rights

Sharing health-related data: a privacy test?

PubMed Central

Dyke, Stephanie OM; Dove, Edward S; Knoppers, Bartha M

2016-01-01

Greater sharing of potentially sensitive data raises important ethical, legal and social issues (ELSI), which risk hindering and even preventing useful data sharing if not properly addressed. One such important issue is respecting the privacy-related interests of individuals whose data are used in genomic research and clinical care. As part of the Global Alliance for Genomics and Health (GA4GH), we examined the ELSI status of health-related data that are typically considered ‘sensitive’ in international policy and data protection laws. We propose that ‘tiered protection’ of such data could be implemented in contexts such as that of the GA4GH Beacon Project to facilitate responsible data sharing. To this end, we discuss a Data Sharing Privacy Test developed to distinguish degrees of sensitivity within categories of data recognised as ‘sensitive’. Based on this, we propose guidance for determining the level of protection when sharing genomic and health-related data for the Beacon Project and in other international data sharing initiatives. PMID:27990299

75 FR 20298 - Privacy Act Regulations

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-19

... Part 200 RIN 0430-AA03 Privacy Act Regulations AGENCY: Recovery Accountability and Transparency Board... amend the Board's regulations implementing the Privacy Act of 1974 (Privacy Act), as amended. This proposed rule would exempt certain systems of records from certain sections of the Privacy Act. These...

Locking it down: The privacy and security of mobile medication apps.

PubMed

Grindrod, Kelly; Boersema, Jonathan; Waked, Khrystine; Smith, Vivian; Yang, Jilan; Gebotys, Catherine

2017-01-01

To explore the privacy and security of free medication applications (apps) available to Canadian consumers. The authors searched the Canadian iTunes store for iOS apps and the Canadian Google Play store for Android apps related to medication use and management. Using an Apple iPad Air 2 and a Google Nexus 7 tablet, 2 reviewers generated a list of apps that met the following inclusion criteria: free, available in English, intended for consumer use and related to medication management. Using a standard data collection form, 2 reviewers independently coded each app for the presence/absence of passwords, the storage of personal health information, a privacy statement, encryption, remote wipe and third-party sharing. A Cohen's Kappa statistic was used to measure interrater agreement. Of the 184 apps evaluated, 70.1% had no password protection or sign-in system. Personal information, including name, date of birth and gender, was requested by 41.8% (77/184) of apps. Contact information, such as address, phone number and email, was requested by 25% (46/184) of apps. Finally, personal health information, other than medication name, was requested by 89.1% (164/184) of apps. Only 34.2% (63/184) of apps had a privacy policy in place. Most free medication apps offer very limited authentication and privacy protocols. As a result, the onus currently falls on patients to input information in these apps selectively and to be aware of the potential privacy issues. Until more secure systems are built, health care practitioners cannot fully support patients wanting to use such apps.

14 CFR 1212.100 - Scope and purpose.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Scope and purpose. 1212.100 Section 1212.100 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Basic Policy... and other remedies. This part applies to systems of records located at or under the cognizance of NASA...

The Risks to Patient Privacy from Publishing Data from Clinical Anesthesia Studies.

PubMed

O'Neill, Liam; Dexter, Franklin; Zhang, Nan

2016-06-01

In this article, we consider the privacy implications of posting data from small, randomized trials, observational studies, or case series in anesthesia from a few (e.g., 1-3) hospitals. Prior to publishing such data as supplemental digital content, the authors remove attributes that could be used to re-identify individuals, a process known as "anonymization." Posting health information that has been properly "de-identified" is assumed to pose no risks to patient privacy. Yet, computer scientists have demonstrated that this assumption is flawed. We consider various realistic scenarios of how the publication of such data could lead to breaches of patient privacy. Several examples of successful privacy attacks are reviewed, as well as the methods used. We survey the latest models and methods from computer science for protecting health information and their application to posting data from small anesthesia studies. To illustrate the vulnerability of such published data, we calculate the "population uniqueness" for patients undergoing one or more surgical procedures using data from the State of Texas. For a patient selected uniformly at random, the probability that an adversary could match this patient's record to a unique record in the state external database was 42.8% (SE < 0.1%). Despite the 42.8% being an unacceptably high level of risk, it underestimates the risk for patients from smaller states or provinces. We propose an editorial policy that greatly reduces the likelihood of a privacy breach, while supporting the goal of transparency of the research process.

Privacy for All Students? Talking about and around Trans Students in "Public"

ERIC Educational Resources Information Center

Stiegler, Sam

2016-01-01

This paper places under examination the arguments used to fight against school policies and legislation intended to guarantee and protect the rights of trans students. That is, the paper's central investigation works to uncover the regimes of truth about children, gender, race and privacy implicit in the methods employed by activists who seek to…

NASA policy on pricing shuttle launch services

NASA Technical Reports Server (NTRS)

Smith, J. M.

1977-01-01

The paper explains the rationale behind key elements of the pricing policy for STS, the major features of the non-government user policy, and some of the stimulating features of the policy which will open space to a wide range of new users. Attention is given to such major policy features as payment schedule, cost and standard services, the two phase pricing structure, optional services, shared flights, cancellation and postponement, and earnest money.

More Than Defense in Daily Experience of Privacy: The Functions of Privacy in Digital and Physical Environments

PubMed Central

Lombardi, Debora Benedetta; Ciceri, Maria Rita

2016-01-01

The purpose of the current study was to investigate the experience of privacy, focusing on its functional role in personal well-being. A sample (N = 180) comprised subjects between 18 and 50 years of age were asked to spontaneously provide accounts of their experiences with privacy and answer close-ended questions to acquire a description of a daily experience of privacy. The results showed the importance attributed to the function of privacy related to the “defense from social threats”, and the twofold function of privacy related to an “achieved state of privacy”, in the terms of both “system maintenance” and “system development”. The results also shed light on the role of the environment in shaping one’s experience of privacy. Specifically, the participants recognized more easily the function of defense from threats related to seeking privacy while interacting in digital environments, whereas they seemed to benefit from positive functions related to an achieved state of privacy in physical environments. The findings sustain the notion of privacy as a supportive condition for some psychological processes involved in the positive human functioning and confirm previous studies conducted on the role of privacy in human well-being. PMID:27247696

48 CFR 39.105 - Privacy.

Code of Federal Regulations, 2010 CFR

2010-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 39.105 Privacy. Agencies shall ensure that contracts for information technology address protection of privacy in accordance with the Privacy Act (5 U.S.C... operation of a system of records using commercial information technology services or information technology...

45 CFR 5b.3 - Policy.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 45 Public Welfare 1 2010-10-01 2010-10-01 false Policy. 5b.3 Section 5b.3 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES GENERAL ADMINISTRATION PRIVACY ACT REGULATIONS § 5b.3 Policy. It is... public is entitled to have under the Freedom of Information Act, 5 U.S.C. 552, and part 5 of this title. ...

Children's Online Privacy.

ERIC Educational Resources Information Center

Aidman, Amy

2000-01-01

The first federal Internet privacy law (the Children's Online Privacy Protection Act) provides safeguards for children by regulating collection of their personal information. Unfortunately, teens are not protected. Legislation is pending to protect children from online marketers such as ZapMe! Interactive technologies require constant vigilance.…

Information Privacy Revealed

ERIC Educational Resources Information Center

Lavagnino, Merri Beth

2013-01-01

Why is Information Privacy the focus of the January-February 2013 issue of "EDUCAUSE Review" and "EDUCAUSE Review Online"? Results from the 2012 annual survey of the International Association of Privacy Professionals (IAPP) indicate that "meeting regulatory compliance requirements continues to be the top perceived driver…

Privacy protection for HealthGrid applications.

PubMed

Claerhout, B; De Moor, G J E

2005-01-01

This contribution aims at introducing the problem of privacy protection in e-Health and at describing a number of existing privacy enhancing techniques (PETs). The recognition that privacy constitutes a fundamental right is gradually entering public awareness. Because healthcare-related data are susceptible to being abused for many obvious reasons, public apprehension about privacy has focused on medical data. Public authorities have become convinced of the need to enforce privacy protection and make considerable efforts for promoting through privacy protection legislation the deployment of PETs. Based on the study of the specific features of Grid technology, ways in which PET services could be integrated in the HealthGrid are being analyzed. Grid technology aims at removing barriers between local and remote resources. The privacy and legal issues raised by the HealthGrid are caused by the transparent interchange and processing of sensitive medical information. PET technology has already proven its usefulness for privacy protection in health-related marketing and research data collection. While this paper does not describe market-ready solutions for privacy protection in the HealthGrid, it puts forward several cases in which the Grid may benefit from PETs. Early integration of privacy protection services into the HealthGrid can lead to a synergy that is beneficial for the development of the HealthGrid itself.

The Need for Privacy and the Application of Privacy to the Day Care Setting.

ERIC Educational Resources Information Center

Jacobs, Ellen

This paper, focusing on young children's need for privacy, describes a study conducted to determine the manner in which children in day care centers resolve the problem of reduced space and time for privacy. A pilot study revealed that children displayed three privacy seeking behaviors: (1) verbal and nonverbal territorial behavior (use or defense…

77 FR 57015 - Privacy Act; Implementation

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-17

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DoD-2012-OS-0104] 32 CFR Part 319 Privacy... the records in another Privacy Act system of records. DIA is updating the DIA Privacy Act Program by... its Privacy Programs. DoD expects no opposition to the changes and no significant adverse comments...

Employee Privacy Rights: A Management Guide.

ERIC Educational Resources Information Center

Shepard, Ira Michael; Olsen, Harry

Employee privacy rights are considered, along with practical problems and permissible parameters of employer activity. Included is a state-by-state analysis of the status of workplace privacy. Definitions are offered of "invasion of privacy," with attention to four types of privacy invasions: (1) placing someone in a "false light," (2) the public…

Privacy in Social Networks: A Survey

NASA Astrophysics Data System (ADS)

Zheleva, Elena; Getoor, Lise

In this chapter, we survey the literature on privacy in social networks. We focus both on online social networks and online affiliation networks. We formally define the possible privacy breaches and describe the privacy attacks that have been studied. We present definitions of privacy in the context of anonymization together with existing anonymization techniques.

Information Systems, Security, and Privacy.

ERIC Educational Resources Information Center

Ware, Willis H.

1984-01-01

Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)

Privacy Expectations in Online Contexts

ERIC Educational Resources Information Center

Pure, Rebekah Abigail

2013-01-01

Advances in digital networked communication technology over the last two decades have brought the issue of personal privacy into sharper focus within contemporary public discourse. In this dissertation, I explain the Fourth Amendment and the role that privacy expectations play in the constitutional protection of personal privacy generally, and…

Lynda Barry Visits NASA Goddard

NASA Image and Video Library

2017-12-08

Cartoonist and professor of creativity Lynda Barry presented the benefits of creativity in everyday life as part of Goddard's Office of Communications Story Lab seminar series. Read more: www.nasa.gov/feature/goddard/2016/cartoonist-discusses-cr... Credit: NASA/Goddard/Rebecca Roth NASA image use policy. NASA Goddard Space Flight Center enables NASA’s mission through four scientific endeavors: Earth Science, Heliophysics, Solar System Exploration, and Astrophysics. Goddard plays a leading role in NASA’s accomplishments by contributing compelling scientific knowledge to advance the Agency’s mission. Follow us on Twitter Like us on Facebook Find us on Instagram

Senator Barbara Mikulski Visits NASA Goddard

NASA Image and Video Library

2017-12-08

Maryland's Sen. Barbara Mikulski greeted employees at NASA's Goddard Space Flight Center in Greenbelt, Maryland, during a packed town hall meeting Jan. 6. She discussed her history with Goddard and appropriations for NASA in 2016. Read more: www.nasa.gov/feature/goddard/2016/maryland-sen-barbara-mi... Credit: NASA/Goddard/Rebecca Roth NASA image use policy. NASA Goddard Space Flight Center enables NASA’s mission through four scientific endeavors: Earth Science, Heliophysics, Solar System Exploration, and Astrophysics. Goddard plays a leading role in NASA’s accomplishments by contributing compelling scientific knowledge to advance the Agency’s mission. Follow us on Twitter Like us on Facebook Find us on Instagram

Senator Barbara Mikulski Visits NASA Goddard

NASA Image and Video Library

2016-01-06

Maryland's Sen. Barbara Mikulski greeted employees at NASA's Goddard Space Flight Center in Greenbelt, Maryland, during a packed town hall meeting Jan. 6. She discussed her history with Goddard and appropriations for NASA in 2016. Read more: www.nasa.gov/feature/goddard/2016/maryland-sen-barbara-mi... Credit: NASA/Goddard/Rebecca Roth NASA image use policy. NASA Goddard Space Flight Center enables NASA’s mission through four scientific endeavors: Earth Science, Heliophysics, Solar System Exploration, and Astrophysics. Goddard plays a leading role in NASA’s accomplishments by contributing compelling scientific knowledge to advance the Agency’s mission. Follow us on Twitter Like us on Facebook Find us on Instagram

Senator Barbara Mikulski Visits NASA Goddard

NASA Image and Video Library

2017-12-08

Maryland's Sen. Barbara Mikulski greeted employees at NASA's Goddard Space Flight Center in Greenbelt, Maryland, during a packed town hall meeting Jan. 6. She discussed her history with Goddard and appropriations for NASA in 2016. Read more: www.nasa.gov/feature/goddard/2016/maryland-sen-barbara-mi... Credit: NASA/Goddard/Bill Hrybyk NASA image use policy. NASA Goddard Space Flight Center enables NASA’s mission through four scientific endeavors: Earth Science, Heliophysics, Solar System Exploration, and Astrophysics. Goddard plays a leading role in NASA’s accomplishments by contributing compelling scientific knowledge to advance the Agency’s mission. Follow us on Twitter Like us on Facebook Find us on Instagram

Senator Barbara Mikulski Visits NASA Goddard

NASA Image and Video Library

2016-01-06

Maryland's Sen. Barbara Mikulski greeted employees at NASA's Goddard Space Flight Center in Greenbelt, Maryland, during a packed town hall meeting Jan. 6. She discussed her history with Goddard and appropriations for NASA in 2016. Read more: www.nasa.gov/feature/goddard/2016/maryland-sen-barbara-mi... Credit: NASA/Goddard/Bill Hrybyk NASA image use policy. NASA Goddard Space Flight Center enables NASA’s mission through four scientific endeavors: Earth Science, Heliophysics, Solar System Exploration, and Astrophysics. Goddard plays a leading role in NASA’s accomplishments by contributing compelling scientific knowledge to advance the Agency’s mission. Follow us on Twitter Like us on Facebook Find us on Instagram

12 CFR 332.8 - Revised privacy notices.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 12 Banks and Banking 5 2014-01-01 2014-01-01 false Revised privacy notices. 332.8 Section 332.8... PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 332.8 Revised privacy notices. (a... described in your prior notice. (c) Delivery. When you are required to deliver a revised privacy notice by...

12 CFR 332.8 - Revised privacy notices.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 12 Banks and Banking 5 2012-01-01 2012-01-01 false Revised privacy notices. 332.8 Section 332.8... PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 332.8 Revised privacy notices. (a... described in your prior notice. (c) Delivery. When you are required to deliver a revised privacy notice by...

12 CFR 332.8 - Revised privacy notices.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 12 Banks and Banking 5 2013-01-01 2013-01-01 false Revised privacy notices. 332.8 Section 332.8... PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 332.8 Revised privacy notices. (a... described in your prior notice. (c) Delivery. When you are required to deliver a revised privacy notice by...

12 CFR 332.8 - Revised privacy notices.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 12 Banks and Banking 4 2011-01-01 2011-01-01 false Revised privacy notices. 332.8 Section 332.8... PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 332.8 Revised privacy notices. (a... described in your prior notice. (c) Delivery. When you are required to deliver a revised privacy notice by...

12 CFR 332.8 - Revised privacy notices.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 12 Banks and Banking 4 2010-01-01 2010-01-01 false Revised privacy notices. 332.8 Section 332.8... PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 332.8 Revised privacy notices. (a... described in your prior notice. (c) Delivery. When you are required to deliver a revised privacy notice by...

Biobank research and the right to privacy.

PubMed

Ursin, Lars Oystein

2008-01-01

What is privacy? What does privacy mean in relation to biobanking, in what way do the participants have an interest in privacy, (why) is there a right to privacy, and how should the privacy issue be regulated when it comes to biobank research? A relational view of privacy is argued for in this article, which takes as its basis a general discussion of several concepts of privacy and attempts at grounding privacy rights. In promoting and protecting the rights that participants in biobank research might have to privacy, it is argued that their interests should be related to the specific context of the provision and reception of health care that participation in biobank research is connected with. Rather than just granting participants an exclusive right to or ownership of their health information, which must be waived in order to make biobank research possible, the privacy aspect of health information should be viewed in light of the moral rights and duties that accompany any involvement in a research based system of health services.

Swedish Delegation Visits NASA Goddard

NASA Image and Video Library

2017-12-08

Swedish Delegation Visits GSFC – May 3, 2017 - Members of the Royal Swedish Academy of Engineering Sciences listen to Dr. Compton Tucker’s presentation on NASA’s earth science research activities in the Piers Sellers Visualization Theatre in Building 28 at NASA Goddard. Photo Credit: NASA/Goddard/Rebecca Roth Read more: go.nasa.gov/2p1rP0h NASA image use policy. NASA Goddard Space Flight Center enables NASA’s mission through four scientific endeavors: Earth Science, Heliophysics, Solar System Exploration, and Astrophysics. Goddard plays a leading role in NASA’s accomplishments by contributing compelling scientific knowledge to advance the Agency’s mission. Follow us on Twitter Like us on Facebook Find us on Instagram

Swedish Delegation Visits NASA Goddard

NASA Image and Video Library

2017-12-08

Swedish Delegation Visits GSFC – May 3, 2017 - Members of the Royal Swedish Academy of Engineering Sciences listen to Dr. Compton Tucker’s presentation on NASA’s earth science research activities in the Piers Sellers Visualization Theatre in Building 28 at NASA Goddard. Credit: NASA/Goddard/Bill Hrybyk Read more: go.nasa.gov/2p1rP0h NASA image use policy. NASA Goddard Space Flight Center enables NASA’s mission through four scientific endeavors: Earth Science, Heliophysics, Solar System Exploration, and Astrophysics. Goddard plays a leading role in NASA’s accomplishments by contributing compelling scientific knowledge to advance the Agency’s mission. Follow us on Twitter Like us on Facebook Find us on Instagram

Swedish Delegation Visits NASA Goddard

NASA Image and Video Library

2017-12-08

Swedish Delegation Visits GSFC – May 3, 2017 - Members of the Royal Swedish Academy of Engineering Sciences listen to Dr. Joihn Mather’s presentation on NASA’s astrophysics research activities in the Piers Sellers Visualization Theatre in Building 28 at NASA Goddard. Credit: NASA/Goddard/Bill Hrybyk Read more: go.nasa.gov/2p1rP0h NASA image use policy. NASA Goddard Space Flight Center enables NASA’s mission through four scientific endeavors: Earth Science, Heliophysics, Solar System Exploration, and Astrophysics. Goddard plays a leading role in NASA’s accomplishments by contributing compelling scientific knowledge to advance the Agency’s mission. Follow us on Twitter Like us on Facebook Find us on Instagram

NASA partnership with industry: Enhancing technology transfer

NASA Technical Reports Server (NTRS)

1983-01-01

Recognizing the need to accelerate and expand the application of NASA-derived technology for other civil uses in the United States, potential opportunities were assessed; the range of benefits to NASA, industry and the nations were explored; public policy implications were assessed; and this new range of opportunities were related to current technology transfer programs of NASA.

Privacy and ethics in pediatric environmental health research-part I: genetic and prenatal testing.

PubMed

Fisher, Celia B

2006-10-01

The pressing need for empirically informed public policies aimed at understanding and promoting children's health has challenged environmental scientists to modify traditional research paradigms and reevaluate their roles and obligations toward research participants. Methodologic approaches to children's environmental health research raise ethical challenges for which federal regulations may provide insufficient guidance. In this article I begin with a general discussion of privacy concerns and informed consent within pediatric environmental health research contexts. I then turn to specific ethical challenges associated with research on genetic determinants of environmental risk, prenatal studies and maternal privacy, and data causing inflicted insight or affecting the informational rights of third parties.

Privacy and Ethics in Pediatric Environmental Health Research—Part I: Genetic and Prenatal Testing

PubMed Central

Fisher, Celia B.

2006-01-01

The pressing need for empirically informed public policies aimed at understanding and promoting children’s health has challenged environmental scientists to modify traditional research paradigms and reevaluate their roles and obligations toward research participants. Methodologic approaches to children’s environmental health research raise ethical challenges for which federal regulations may provide insufficient guidance. In this article I begin with a general discussion of privacy concerns and informed consent within pediatric environmental health research contexts. I then turn to specific ethical challenges associated with research on genetic determinants of environmental risk, prenatal studies and maternal privacy, and data causing inflicted insight or affecting the informational rights of third parties. PMID:17035153

Documenting death: public access to government death records and attendant privacy concerns.

PubMed

Boles, Jeffrey R

2012-01-01

This Article examines the contentious relationship between public rights to access government-held death records and privacy rights concerning the deceased, whose personal information is contained in those same records. This right of access dispute implicates core democratic principles and public policy interests. Open access to death records, such as death certificates and autopsy reports, serves the public interest by shedding light on government agency performance, uncovering potential government wrongdoing, providing data on public health trends, and aiding those investigating family history, for instance. Families of the deceased have challenged the release of these records on privacy grounds, as the records may contain sensitive and embarrassing information about the deceased. Legislatures and the courts addressing this dispute have collectively struggled to reconcile the competing open access and privacy principles. The Article demonstrates how a substantial portion of the resulting law in this area is haphazardly formed, significantly overbroad, and loaded with unintended consequences. The Article offers legal reforms to bring consistency and coherence to this currently disordered area of jurisprudence.

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II

PubMed Central

Watzlaf, Valerie J.M.; Moeini, Sohrab; Matusow, Laura; Firouzan, Patti

2011-01-01

In a previous publication the authors developed a privacy and security checklist to evaluate Voice over Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy. In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR. Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR. PMID:25945177

User Centric Policy Management

ERIC Educational Resources Information Center

Cheek, Gorrell P.

2013-01-01

Internet use, in general, and online social networking sites, in particular, are experiencing tremendous growth with hundreds of millions of active users. As a result, there is a tremendous amount of privacy information and content online. Protecting this information is a challenge. Access control policy composition is complex, laborious and…

14 CFR 1216.303 - Responsibilities of NASA officials.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Responsibilities of NASA officials. 1216.303... Procedures for Implementing the National Environmental Policy Act (NEPA) § 1216.303 Responsibilities of NASA... procedures of this subpart and for ensuring that environmental factors are properly considered in all NASA...

NASA Satellite View of Antarctica

NASA Image and Video Library

2017-12-08

NASA image acquired November 2, 2011 The Moderate Resolution Imaging Spectroradiometer (MODIS) instrument on NASA's Terra satellite captured this image of the Knox, Budd Law Dome, and Sabrina Coasts, Antarctica on November 2, 2011 at 01:40 UTC (Nov. 1 at 9:40 p.m. EDT). Operation Ice Bridge is exploring Antarctic ice, and more information can be found at www.nasa.gov/icebridge. Image Credit: NASA Goddard MODIS Rapid Response Team NASA image use policy. NASA Goddard Space Flight Center enables NASA’s mission through four scientific endeavors: Earth Science, Heliophysics, Solar System Exploration, and Astrophysics. Goddard plays a leading role in NASA’s accomplishments by contributing compelling scientific knowledge to advance the Agency’s mission. Follow us on Twitter Like us on Facebook Find us on Instagram

Toward practicing privacy

PubMed Central

Dwork, Cynthia; Pottenger, Rebecca

2013-01-01

Private data analysis—the useful analysis of confidential data—requires a rigorous and practicable definition of privacy. Differential privacy, an emerging standard, is the subject of intensive investigation in several diverse research communities. We review the definition, explain its motivation, and discuss some of the challenges to bringing this concept to practice. PMID:23243088

NASA Applied Sciences Program

NASA Technical Reports Server (NTRS)

Estes, Sue M.; Haynes, J. A.

2009-01-01

NASA's strategic Goals: a) Develop a balanced overall program of science, exploration, and aeronautics consistent with the redirection of human spaceflight program to focus on exploration. b) Study Earth from space to advance scientific understanding and meet societal needs. NASA's partnership efforts in global modeling and data assimilation over the next decade will shorten the distance from observations to answers for important, leading-edge science questions. NASA's Applied Sciences program will continue the Agency's efforts in benchmarking the assimilation of NASA research results into policy and management decision-support tools that are vital for the Nation's environment, economy, safety, and security. NASA also is working with NOAH and inter-agency forums to transition mature research capabilities to operational systems, primarily the polar and geostationary operational environmental satellites, and to utilize fully those assets for research purposes.

Security of electronic medical information and patient privacy: what you need to know.

PubMed

Andriole, Katherine P

2014-12-01

The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients. Copyright © 2014 American College of Radiology. Published by Elsevier Inc. All rights reserved.

Advertising and Invasion of Privacy.

ERIC Educational Resources Information Center

Rohrer, Daniel Morgan

The right of privacy as it relates to advertising and the use of a person's name or likeness is discussed in this paper. After an introduction that traces some of the history of invasion of privacy in court decisions, the paper examines cases involving issues such as public figures and newsworthy items, right of privacy waived, right of privacy…

Balancing between two goods: Health Insurance Portability and Accountability Act and ethical compliancy considerations for privacy-sensitive materials in health sciences archival and historical special collections.

PubMed

Wiener, Judith A; Gilliland, Anne T

2011-01-01

The investigation provides recommendations for establishing institutional collection guidelines and policies that protect the integrity of the historical record, while upholding the privacy and confidentiality of those who are protected by Health Insurance Portability and Accountability Act (HIPAA) or professional ethical standards. The authors completed a systematic historical investigation of the concepts of collection integrity, privacy, and confidentiality in the formal and informal legal and professional ethics literature and applied these standards to create best practices for institutional policies in these areas. Through an in-depth examination of the historical concepts of privacy and confidentiality in the legal and professional ethics literature, the authors were able to create recommendations that would allow institutions to provide access to important, yet sensitive, materials, while complying with the standards set by HIPAA regulations and professional ethical expectations. With thoughtful planning, it is possible to balance the integrity of and access to the historical record of sensitive documents, while supporting the privacy protections of HIPAA and professional ethical standards. Although it is theorized that collection development policies of institutions have changed due to HIPAA legislation, additional research is suggested to see how various legal interpretations have affected the integrity of the historical record in actuality.

Response to Sputnik: The creation of NASA

NASA Technical Reports Server (NTRS)

1980-01-01

The merger of academic, industrial, and political forces in the United States after the launching of Sputnik 1 is described. The decisions and governmental policies that lead to the formation of NASA are summarized. The question of whether NASA would be a military of civilian operation is discussed and the importance of the decision to have NASA as a civilian organization is emphasized.

NASA Engineers Conduct Low Light Test on New Technology for NASA Webb Telescope

NASA Image and Video Library

2014-09-02

NASA engineers inspect a new piece of technology developed for the James Webb Space Telescope, the micro shutter array, with a low light test at NASA's Goddard Space Flight Center in Greenbelt, Maryland. Developed at Goddard to allow Webb's Near Infrared Spectrograph to obtain spectra of more than 100 objects in the universe simultaneously, the micro shutter array uses thousands of tiny shutters to capture spectra from selected objects of interest in space and block out light from all other sources. Credit: NASA/Goddard/Chris Gunn NASA image use policy. NASA Goddard Space Flight Center enables NASA’s mission through four scientific endeavors: Earth Science, Heliophysics, Solar System Exploration, and Astrophysics. Goddard plays a leading role in NASA’s accomplishments by contributing compelling scientific knowledge to advance the Agency’s mission. Follow us on Twitter Like us on Facebook Find us on Instagram

NASA Requirements for Ground-Based Pressure Vessels and Pressurized Systems (PVS). Revision C

NASA Technical Reports Server (NTRS)

Greulich, Owen Rudolf

2017-01-01

The purpose of this document is to ensure the structural integrity of PVS through implementation of a minimum set of requirements for ground-based PVS in accordance with this document, NASA Policy Directive (NPD) 8710.5, NASA Safety Policy for Pressure Vessels and Pressurized Systems, NASA Procedural Requirements (NPR) 8715.3, NASA General Safety Program Requirements, applicable Federal Regulations, and national consensus codes and standards (NCS).

Swedish Delegation Visits NASA Goddard

NASA Image and Video Library

2017-12-08

Swedish Delegation Visits GSFC – May 3, 2017 –Goddard Space Flight Center senior management and members of the Royal Swedish Academy walk towards Building 29 as part of the Swedish delegation’s tour of the center. Credit: NASA/Goddard/Bill Hrybyk Read more: go.nasa.gov/2p1rP0h NASA image use policy. NASA Goddard Space Flight Center enables NASA’s mission through four scientific endeavors: Earth Science, Heliophysics, Solar System Exploration, and Astrophysics. Goddard plays a leading role in NASA’s accomplishments by contributing compelling scientific knowledge to advance the Agency’s mission. Follow us on Twitter Like us on Facebook Find us on Instagram

NASA Goddard All Hands Meeting

NASA Image and Video Library

2017-12-08

Monday, September 30, 2013 - NASA Goddard civil servant and contractor employees were invited to an all hands meeting with Center Director Chris Scolese and members of the senior management team to learn the latest information about a possible partial government shutdown that could happen as early as midnight. Credit: NASA/Goddard/Bill Hrybyk NASA image use policy. NASA Goddard Space Flight Center enables NASA’s mission through four scientific endeavors: Earth Science, Heliophysics, Solar System Exploration, and Astrophysics. Goddard plays a leading role in NASA’s accomplishments by contributing compelling scientific knowledge to advance the Agency’s mission. Follow us on Twitter Like us on Facebook Find us on Instagram

75 FR 81205 - Privacy Act: Revision of Privacy Act Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-27

... DEPARTMENT OF AGRICULTURE Office of the Secretary Privacy Act: Revision of Privacy Act Systems of.... SUMMARY: Notice is hereby given that the United States Department of Agriculture (USDA) proposes to revise... from participating in SNAP. Dated: December 14, 2010. Thomas J. Vilsack, Secretary of Agriculture...

14 CFR 1221.101 - Policy.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Policy. 1221.101 Section 1221.101 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION THE NASA SEAL AND OTHER DEVICES, AND THE CONGRESSIONAL SPACE MEDAL OF HONOR NASA Seal, NASA Insignia, NASA Logotype, NASA Program Identifiers, NASA Flags...

14 CFR 1204.1001 - Policy.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Policy. 1204.1001 Section 1204.1001 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION ADMINISTRATIVE AUTHORITY AND POLICY Inspection of Persons and Personal Effects at NASA Installations or on NASA Property; Trespass or...

14 CFR 1204.1001 - Policy.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Policy. 1204.1001 Section 1204.1001 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION ADMINISTRATIVE AUTHORITY AND POLICY Inspection of Persons and Personal Effects at NASA Installations or on NASA Property; Trespass or...

Achieving a Risk-Informed Decision-Making Environment at NASA: The Emphasis of NASA's Risk Management Policy

NASA Technical Reports Server (NTRS)

Dezfuli, Homayoon

2010-01-01

This slide presentation reviews the evolution of risk management (RM) at NASA. The aim of the RM approach at NASA is to promote an approach that is heuristic, proactive, and coherent across all of NASA. Risk Informed Decision Making (RIDM) is a decision making process that uses a diverse set of performance measures along with other considerations within a deliberative process to inform decision making. RIDM is invoked for key decisions such as architecture and design decisions, make-buy decisions, and budget reallocation. The RIDM process and how it relates to the continuous Risk Management (CRM) process is reviewed.

39 CFR 266.2 - Policy.

Code of Federal Regulations, 2010 CFR

2010-07-01

... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PRIVACY OF INFORMATION § 266.2 Policy. It is the... describes any characteristic or provides historical information about an individual or that affords a basis... of any affiliation with an organization or activity, or admission to an institution, is accurate...

39 CFR 266.2 - Policy.

Code of Federal Regulations, 2012 CFR

2012-07-01

... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PRIVACY OF INFORMATION § 266.2 Policy. It is the... describes any characteristic or provides historical information about an individual or that affords a basis... of any affiliation with an organization or activity, or admission to an institution, is accurate...

39 CFR 266.2 - Policy.

Code of Federal Regulations, 2011 CFR

2011-07-01

... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PRIVACY OF INFORMATION § 266.2 Policy. It is the... describes any characteristic or provides historical information about an individual or that affords a basis... of any affiliation with an organization or activity, or admission to an institution, is accurate...

39 CFR 266.2 - Policy.

Code of Federal Regulations, 2014 CFR

2014-07-01

... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PRIVACY OF INFORMATION § 266.2 Policy. It is the... describes any characteristic or provides historical information about an individual or that affords a basis... of any affiliation with an organization or activity, or admission to an institution, is accurate...

39 CFR 266.2 - Policy.

Code of Federal Regulations, 2013 CFR

2013-07-01

... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PRIVACY OF INFORMATION § 266.2 Policy. It is the... describes any characteristic or provides historical information about an individual or that affords a basis... of any affiliation with an organization or activity, or admission to an institution, is accurate...

NASA Publications Guide

NASA Technical Reports Server (NTRS)

1982-01-01

The publication programs and management policies of NASA are described and the details that authors and publication specialists need to know to carry out the agency's mission of disseminating the scientific and technical information derived from its activities are highlighted. Topics covered include the various kinds of NASA formal publications; selection of publication medium; printing and distribution; and requirements concerning style and format standards, copyright transfers, the cover, color, and foldouts. The sections of a report are delineated and editorial and page make-up responsibilities are also discussed.

32 CFR 310.43 - Privacy Act inspections.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 32 National Defense 2 2013-07-01 2013-07-01 false Privacy Act inspections. 310.43 Section 310.43 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM DOD PRIVACY PROGRAM Inspections § 310.43 Privacy Act inspections. During internal inspections...

32 CFR 310.43 - Privacy Act inspections.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 32 National Defense 2 2014-07-01 2014-07-01 false Privacy Act inspections. 310.43 Section 310.43 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM DOD PRIVACY PROGRAM Inspections § 310.43 Privacy Act inspections. During internal inspections...

32 CFR 310.43 - Privacy Act inspections.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 2 2011-07-01 2011-07-01 false Privacy Act inspections. 310.43 Section 310.43 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM DOD PRIVACY PROGRAM Inspections § 310.43 Privacy Act inspections. During internal inspections...

32 CFR 310.43 - Privacy Act inspections.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 32 National Defense 2 2012-07-01 2012-07-01 false Privacy Act inspections. 310.43 Section 310.43 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM DOD PRIVACY PROGRAM Inspections § 310.43 Privacy Act inspections. During internal inspections...

32 CFR 310.43 - Privacy Act inspections.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 2 2010-07-01 2010-07-01 false Privacy Act inspections. 310.43 Section 310.43 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM DOD PRIVACY PROGRAM Inspections § 310.43 Privacy Act inspections. During internal inspections...

User Privacy in RFID Networks

NASA Astrophysics Data System (ADS)

Singelée, Dave; Seys, Stefaan

Wireless RFID networks are getting deployed at a rapid pace and have already entered the public space on a massive scale: public transport cards, the biometric passport, office ID tokens, customer loyalty cards, etc. Although RFID technology offers interesting services to customers and retailers, it could also endanger the privacy of the end-users. The lack of protection mechanisms being deployed could potentially result in a privacy leakage of personal data. Furthermore, there is the emerging threat of location privacy. In this paper, we will show some practical attack scenarios and illustrates some of them with cases that have received press coverage. We will present the main challenges of enhancing privacy in RFID networks and evaluate some solutions proposed in literature. The main advantages and shortcomings will be briefly discussed. Finally, we will give an overview of some academic and industrial research initiatives on RFID privacy.

NASA Accountability Report

NASA Technical Reports Server (NTRS)

1997-01-01

NASA is piloting fiscal year (FY) 1997 Accountability Reports, which streamline and upgrade reporting to Congress and the public. The document presents statements by the NASA administrator, and the Chief Financial Officer, followed by an overview of NASA's organizational structure and the planning and budgeting process. The performance of NASA in four strategic enterprises is reviewed: (1) Space Science, (2) Mission to Planet Earth, (3) Human Exploration and Development of Space, and (4) Aeronautics and Space Transportation Technology. Those areas which support the strategic enterprises are also reviewed in a section called Crosscutting Processes. For each of the four enterprises, there is discussion about the long term goals, the short term objectives and the accomplishments during FY 1997. The Crosscutting Processes section reviews issues and accomplishments relating to human resources, procurement, information technology, physical resources, financial management, small and disadvantaged businesses, and policy and plans. Following the discussion about the individual areas is Management's Discussion and Analysis, about NASA's financial statements. This is followed by a report by an independent commercial auditor and the financial statements.

NASA's Global Hawk

NASA Image and Video Library