Security, Privacy, IP, Governance and Ethics - Annotated Bibliography Example

Security, Privacy, IP, Governance and Ethics Name Date Security, Privacy, IP, Governance and Ethics Camp, L. (2015). Respecting people and respecting privacy. Communications of the ACM, 58(7), 27-28. In this article, the author is expressing his views regarding upholding privacy. Designers have the primary responsibility to protect people’s data and privacy by minimizing data collection. Camp bases his argument on results of a previously done study, which revealed that several people including professionals do not have adequate information about security and privacy. Reducing the amount of data that systems collect reduced the risk data loss or access by unauthorized personnel. This article is worth including in writing on the topic at hand because it offers suggestions on improving security and privacy now that data plays a core part in modern organisations. Mann, D., Travis, C. L., & Cook, L. D. (2015). Data security and privacy: More than the IT department’s concern. The Computer & Internet Lawyer, 32(12), 8-11. Contrary to Camp (2015) who believes that IT departments and designers are primarily responsible in securing data privacy and security, Mann, Travis, and Cook (2015) are of the view that this is a collective responsibility with users being required to take a core part. The authors acknowledge that users present the weakest link on the protection system primarily because of their lack of knowhow and sometimes ignorance. Laws and policies have been put in place, which if properly used will help in promoting data privacy and security by ensuring that data handlers do so responsibly. This informative article presents different methods to fighting global cyber security risk. Its proposal of a collaborative approach makes it to have a major contribution to the topic. Federal Trade Commission. (2016). Mobile health App developers: FTC best practices. Retrieved from https://www.ftc.gov/tips-advice/business-center/guidance/mobile-health-app-developers-ftc-best-practices Federal Trade Commission (FTC) is an American public organisation that seeks to protect consumers. It has offered useful tips that developers for healthcare apps can use to ensure high levels of privacy and security of consumer data. In agreement with Camp (2015), FTC advices institutions to limit the amount of data they collect. Limitation of permission and access to stored data reduces risk of data loss. Other best practices to consider include using evidenced-based practices already in use such as authentication, considering data security during system design, considering increased use of mobile platforms, and reviewing all the applicable laws during design and operation of data collection and storage system. This article is useful in the topic because it offers different strategies to promoting security and privacy. Robichau, R. (2014). Healthcare information privacy and security: Regulatory compliance and data security in the age of electronic health records. New York, NY: Heinz Weinheimer. ISBN: 978-1-4-4302-6676-1. The author is an electronic medical records (EMR) consultant and he thus writes authoritatively out of experience and advanced knowledge in the field. The book serves as a manual for executives of healthcare organisations, IT managers and directors, technical staff and analysts, EMR vendors, information security officers and staff, consultants, and ancillary compliance officers. The author notes that there is a dire need to move from manual to electronic systems of handling and managing patient data and medical information. However, this must not be at the expense of privacy and security of patient data. Robichau presents a wide approach of protecting data, which, in accordance with Mann, Travis, and Cook (2015), should be multidisciplinary. The author introduces the concepts of responsibility and ethics as a strategy for protecting patient data stored in EMRs. This resource is useful because it approaches the issue from an all-round perspective. Salomon, D. (2003). Data privacy and security: With 122 illustrations. New York, NY: Springer-Verlag New York, Inc. This book focuses on the technical aspects of protecting data particularly data encryption and data hiding. The author provides an in-depth discussion of these two strategies including specific methods of each of the two broad topics. The book is useful in the topic because it gives a comprehensive explanation of two commonly used methods of protecting data stored in and transferred within electronic systems. Weise, J., Brunette, G., & Dennedy, M. (2009). Data protection. In C. W. Axelrod., J. L. Bayuk & D. Schutzer (Eds.). Enterprise information security and privacy (21-41). London: Artech House. Chapter two by Weise, Brunette, and Dennedy is about data protection. After discussing important concepts on data and protection, the writers provide recommendations on ensuring utmost data protection. In agreement with previously reviewed sources, this book chapter supports the importance of having a holistic approach to data protection, which makes it the responsibility of every stakeholder in the respective electronic system to take part. The authors introduce a new concept, corporate governance, whereby they argue that plays a pivotal role data protection by overseeing the development and implementation of a holistic data protection program. This book chapter presents crucial information on data security and privacy, and it will come in handy when writing about the topic under consideration. Salido, J. (2010). Data governance for privacy, confidentiality and compliance: A holistic approach. ISACA. Retrieved from http://www.isaca.org/Journal/archives/2010/Volume-6/Pages/Data-Governance-for-Privacy-Confidentiality-and-Compliance.aspx Salido writes for ISACA, a reputable, professional, international institution that focuses on IT governance. In his article, Salido notes that moving into electronic data management systems is inevitable for contemporary businesses. However, the primary challenge facing institutions today is ensuring data privacy and security especially with the rise in cyber crime. The article presents a new approach to data management for privacy and security known as Data Governance for Privacy, Confidentiality, and Compliance (DGPC). The framework gives a holistic approach to data protection that identifies security and privacy threats and then uses appropriate methods to counter them. Its primary components include people, process, and technology. This article presents a new and interesting approach that might help healthcare institutions deal with data privacy and security risks better than before. Razaeibagha, F., Win, K. T., & Susilo, W. (2015). A systematic literature review on security and privacy of electronic health record systems: technical perspectives. Health Information Management Journal, 44(3), 23-38. The authors conducted a literature review on security and privacy technical features of electronic health record systems (EHRs) that are frequently adopted. The analysis outlined 13 common features, which include cryptography techniques, compliance with security requirements, consent and choice mechanism, applicability and scalability, integration and sharing, policies and regulation, system and application access control, and interoperability. This article contributes to data protection for privacy and security by presenting some technical features that designers and system analysts should consider including in EHR and other electronic systems. The article also present an in-depth discussion of each of the features, which enhances the understanding of the whole issue. Kerstein, S. (2013). Moving the needle toward a data-driven health care system: Optimizing the EHR through information governance. Journal of Health Care Compliance, 15(3), 45-62. In this article, the writer argues that information governance (IG) will be helpful in helping healthcare organizations to optimize their technology resources by making them data driven. IG will therefore move EHR systems from mere implementation to optimization. It will not only promote effective use of data, but will also promote responsible use by setting out procedures and policies and then ensuring that they are followed. IG will also promote accountability, which will in turn increase data privacy and security. This article appears to suggest that before any institution decides to shift from manual to electronic system, it must put in place a robust IG system. Those organizations that have already moved should consider establishing an IG structure that will optimize data use. The article contributes to the topic by shinning some light on the role of information governance on data privacy and security as well as ethical use. Brey, P. (2007). Ethical Aspects of Information Security and Privacy. In M. Petkovic & W. Jonker (Eds.) Security, privacy, and trust in modern data management (21-38). Springer-Verlag Berlin Heidelberg. This book chapter deals with the ethics around security and privacy of computer and information. The author outlines and explains various aspects of ethics in computer security including an explanation of cybercrime. The resource provides crucial information on issues affecting data security and privacy, which aids in designing data protection systems. Information security personnel and any person involved in designing data systems as well as those who handle data are morally responsible to protect customer’s privacy and security by protecting collected data. This book chapter contributes to writing on the topic at hand by easing the understanding of how data is lost or stolen. Further, it reminds people directly involved in system design and implementation that they must act ethically when dealing with data or designing systems for collecting, storing, and sharing data. References Brey, P. (2007). Ethical Aspects of Information Security and Privacy. In M. Petkovic & W. Jonker (Eds.) Security, privacy, and trust in modern data management (21-38). Springer-Verlag Berlin Heidelberg. Camp, L. (2015). Respecting people and respecting privacy. Communications of the ACM, 58(7), 27-28. Federal Trade Commission. (2016). Mobile health App developers: FTC best practices. Retrieved from https://www.ftc.gov/tips-advice/business-center/guidance/mobile-health-app-developers-ftc-best-practices Kerstein, S. (2013). Moving the needle toward a data-driven health care system: Optimizing the EHR through information governance. Journal of Health Care Compliance, 15(3), 45-62. Mann, D., Travis, C. L., & Cook, L. D. (2015). Data security and privacy: More than the IT department’s concern. The Computer & Internet Lawyer, 32(12), 8-11. Razaeibagha, F., Win, K. T., & Susilo, W. (2015). A systematic literature review on security and privacy of electronic health record systems: technical perspectives. Health Information Management Journal, 44(3), 23-38. Robichau, R. (2014). Healthcare information privacy and security: Regulatory compliance and data security in the age of electronic health records. New York, NY: Heinz Weinheimer. ISBN: 978-1-4-4302-6676-1. Salido, J. (2010). Data governance for privacy, confidentiality and compliance: A holistic approach. ISACA. Retrieved from http://www.isaca.org/Journal/archives/2010/Volume-6/Pages/Data-Governance-for-Privacy-Confidentiality-and-Compliance.aspx Salomon, D. (2003). Data privacy and security: With 122 illustrations. New York, NY: Springer-Verlag New York, Inc. Weise, J., Brunette, G., & Dennedy, M. (2009). Data protection. In C. W. Axelrod., J. L. Bayuk & D. Schutzer (Eds.). Enterprise information security and privacy (21-41). London: Artech House. Read More

 

Read More