Taxonomy for Information Privacy Metrics

AuthorRasika Dayarathna
PositionDepartment of Computer and Systems Sciences (DSV), Stockholm University/Royal Institute of Technology
Pages194-206
JICLT
Journal of International Commercial Law and Technology
Vol. 6, Issue 4 (2011)
194
Taxonomy for Information Privacy Metrics
Rasika Dayarathna
Department of Computer and Systems Sciences (DSV), Stockholm
University/Royal Institute of Technology
si-ika@dsv.su.se
Abstract. A co mprehensive privacy framework is essential for the progress o f the
information pr ivacy field. Some practical implications of a comprehensive fra mework are laying
foundation for building information privacy metrics and having fruitful discussions. Taxono my is
an essential step in building a framework. T his research study attempts to build taxonomy for the
information privacy domain based on e mpirical data. The classical grounded theo ry approach
introduced by Glaser was applied and incidents reported by the International Association of
Privacy Professionals (I APP) are used for building the taxonomy. T hese incidents includ e privacy
related current research works, data breaches, personal views, interviews, and technological
innovations. TAMZAnalyzer, an open source qualitative data analysis tool, was used in coding,
keeping memos, sorting, and creating categorie s. The taxonomy is presented in seven themes and
several categories including legal, technical, and ethical aspects. The findings of this study helps
practitioners understand and discuss the subjects and academia work toward buil ding a
comprehensive framework and metrics for the information privac y domain.
1. Introduction
The right to privacy has been recognized as a fundamental human right. However, in the information era,
information privacy is threatened by the advancement and widespread use of technolo gy. Moreover, some
actions of governments and private organizations pose big threats to information privacy. In order to counter
these threats, several measures including legislative and technological measures have been. In the legal domain,
the Euro pean legislative approach is omnibus, while the North American approach is piecemeal. In terms o f
technology, a large number l essons and methods have been borrowed from the information security domain.
Additionally, i n empirical stud ies, it was shown that privacy has been interpreted in a number different ways.
Furthermore, information privacy conflicts with information security, transparency, trust, reputation, etc. The
above-mentioned threa ts, legi slative measures, privacy enhancing and invasive technologies, empirical st udies,
and conflicting interest with other fields make informatio n privacy subject ver y complex. As a result of this
complexity and the lac k of comprehensive re search that covers the entire domain, there is no co herent picture of
the information privacy domain. This gap is highlighted in data protection. As repo rted by AFP (2009), Alex
Turk, the president of France’s data protection agency, has stated “… we have a long road, a ver y long road,
ahead to arrive at a common, restricting legal framework”.
As discussed above, information privacy domain needs a coherent framework t hat includes legal,
technological, et hical aspect s. Such a coherent framework makes it possible for p rivacy advocates, legislator s,
practitioners, and academia to have a common understanding on the subject. A common understa nding is very
essential for the pro gress of the field. For example, knowing nuts and bolts in the information privacy domain is
prerequisite for building information privacy metric. Creating taxonomy is an essen tial step in building a
common framework. Though, there are some taxonomy for sp ecific areas in information privacy domain, there is
no comprehensi ve work that covers the entire information privacy do main. Examples for piecemeal works are
Fedaghi’s [2007] gradation for sensitivity of per sonal information, Turn’s [1976] classification scheme of
personal information for privacy prote ction, Kang’s [Kang et al., 2007] classification scheme for p rivacy
enhancing tec hnologies. Despite these piec emeal works, what is lacking is a comprehensive taxonomy for the
information privacy domain.

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT