Evaluating and enriching information and communication technologies compliance frameworks with regard to privacy
Abstract
Purpose
The aim of the paper is to highlight gaps in compliance environments regarding information privacy and provide recommendations for global information privacy standards.
Design/methodology/approach
The paper draws conceptually upon an existing security standard's framework, against which omissions in information privacy compliance frameworks are identified. As a result, an extended framework of information security and privacy standards is developed. Moreover, taking into account the different attributes and focus of information privacy as compared to information security, the elicitation of usability criteria for web applications and interfaces that will assist users in protecting their privacy is proposed.
Findings
Within ICT standards, numerous information security standards exist which enable a common understanding of security requirements and promote global rules and practices for security mechanisms. Through their usage, the information systems designed ultimately reach a commonly accepted security level and interoperate with other systems in an efficient and secure way. Nevertheless, a similar compliance environment is missing with regard to information privacy. Often security controls are seen as the solution to privacy protection, and security compliance frameworks are regarded as guidance for information privacy as well. This is clearly the wrong approach, since the main security and privacy attributes are different: information security refers to information stored, processed and transmitted for completing the information system's functions and purpose, while information privacy is the protection of the identity of the information's subject.
Research limitations/implications
The identified gaps in compliance environments are based on an extensive literature review, while the proposed enhancements for the information privacy standards are, at this stage, an opinion-based piece of work.
Originality/value
Currently, information privacy is treated mostly as a legal compliance requirement and thus is not adequately handled by security standards. The paper provides recommendations and further guidance at the managerial, procedural and technical levels for handling information privacy.
Citation
Lambrinoudakis, C. (2013), "Evaluating and enriching information and communication technologies compliance frameworks with regard to privacy", Information Management & Computer Security, Vol. 21 No. 3, pp. 177-190. https://doi.org/10.1108/IMCS-09-2012-0051
Publisher
Emerald Group Publishing Limited
Copyright © 2013, Emerald Group Publishing Limited