Confidentiality and Computers
2
John H. Maindonald,
Helen P. Stott,
John H. Maindonald
Australian National University, Canberra, ACT, Australia
Search for more papers by this authorJohn H. Maindonald,
Helen P. Stott,
John H. Maindonald
Australian National University, Canberra, ACT, Australia
Search for more papers by this authorFirst published: 15 July 2005
Abstract
Computer systems that hold data of a private or confidential nature should be designed so that data are “disclosed only to authorized persons, entities and processes at authorized times and in the authorized manner” 24. Rights of privacy and confidentiality may be enshrined in legislation. Such rights are typically not absolute; they may, especially where data is required for research purposes, be weighed against a wider public interest. Demands for privacy and confidentiality impose responsibilities on designers and managers of computer systems that store sensitive data. Advances in computer technology, and especially the use of the internet, have created huge security challenges.
References
- 1 American Medical Association. (2003) E-5.07 Confidentiality: Computers. http://www.ama-assn.org/ama/pub/category/8360.html,.
- 2 American Statistical Association. (2003) Privacy, Confidentiality, and Data Security Website. http://www.amstat.org/comm/cmtepc.
- 3 Barrows, R. C. & Clayton, P. D. (1996). Privacy, confidentiality, and electronic medical records, Journal of the American Medical Informatics Association 3, 139–148.
- 4 Butz, W. P. (1985). Data confidentiality and public perceptions: the case of European censuses, Proceedings of the Section on Survey Research Methods. American Statistical Association, Washington, DC, pp. 90–97.
- 5 Canadian Institutes of Health Research. (2001). Selected International Legal Norms on the Protection of Personal Information in Health Research. http://www.cihr.ca/.
- 6 Cybenko, G. (2002). Editor's message: the long march, IEEE Computer 35(Suppl. 1), http://computer.org/security/supp_toc.htm.
- 7 Department of Health (UK). (2003). Patient Confidentiality and Caldicott Guardians. http://www.dog.gov.uk/ipu/confiden/.
- 8 M. S. Donaldson & K. N. Lohr, eds. (1994). Health Data in the Information Age. Use, Disclosure and Privacy. National Academy Press, Washington, pp. 152–153.
- 9 P. Doyle, J. I. Lane, J. M. Theeuwes & L. V. Zayatz, eds. (2001). Confidentiality, Disclosure and Data Access—Theory and Practical Applications for Statistical Agencies. Elsevier, Amsterdam.
- 10 Earnhart, B. (2003). Respect your data, Amstat News (309), 36–38. http://www.uiowa.edu/∼soc/datarespect/data_training_frm.html.
- 11 European Parliament and Council of Europe. (1995). Directive 95/46/EC of the European and of the Council 24 October 1995 on the protection of individuals with regard to the processing of personal data and the free movement of such data, Official Journal L 281, 0031–0050. http://europa.eu.int/eur-lex/en/lif/dat/1995/en_395L0045.html.
- 12 Gostin, L. O., Turek-Brezina, J., Powers, M., Kozloff, R., Faden, R. & Steinauer, D. D. (1993). Privacy and security of personal information in a new health care system, Journal of the American Medical Association 270, 2487–2493.
- 13Guidelines Under Section 95 of the Privacy Act 1998. (2000). Canberra. http://www.health.gov.au/nhmrc/issues/researchethics.htm.
- 14Guidelines Under Section 95A of the Privacy Act 1998. (2001). Canberra. http://www.health.gov.au/nhmrc/issues/researchethics.htm.
- 15
Householder, A.,
Houle, K. &
Dougherty, C.
(2002).
Computer attack trends challenge internet security
IEEE Computer
35(Suppl. 1),
http://computer.org/security/supp_toc.htm.
10.1109/MC.2002.1012422 Google Scholar
- 16
McConnell, M.
(2002).
Information assurance in the twenty-first century,
IEEE Computer
35(Suppl. 1),
http://computer.org/security/supp_toc.htm.
10.1109/MC.2002.1012425 Google Scholar
- 17
McLennan, W.
(1996).
The product of the Australian Bureau of Statistics,
Australian Journal of Statistics
38,
1–14.
10.1111/j.1467-842X.1996.tb00359.x Google Scholar
- 18 Neumann, P. (1995). Computer-Related Risks. Addison-Wesley, Reading, MA.
- 19 Neumann, P. (1999). The Challenges of Insider Misuse. http://www.csl.sri.com/users/neumann/pgn-misuse.html.
- 20 Neumann, P. (2003). Illustrative Risks to the Public in the Use of Computer Systems and Related Technology. http://www.csl.sri.com/users/neumann/illustrative.html.
- 21 Thompson, C. (2001). NHMRC Human Research Ethics Handbook, Section 18, Privacy of Information. http://www.health.gov.au/nhmrc/hrecbook/01_commentary/18.htm.
- 22 O'Connor, K. (1996). Privacy Issues Facing a Networked Health Environment, from the text of a speech to the Health Issues Centre Discussion Forum, Melbourne, March 18. Privacy Commissioner, Human Rights Australia.
- 23 Office for Civil Rights—HIPAA. (2003). Medical Privacy–National Standards to Protect the Privacy of Personal Health Information. http://www.hhs.gov/ocr/hipaa/bkgrnd.html.
- 24 Organisation for Economic Co-operation and Development. (1992). Guidelines for Security of Information Systems. OECD, Paris.
- 25
Stajano, F. &
Anderson, R.
(2002).
The resurrecting duckling: security issues for ubiquitous computing,
IEEE Computer
35(Suppl. 1),
http://computer.org/security/supp_toc.htm.
10.1109/MC.2002.1012427 Google Scholar
- 26 U.S. Office of Federal Statistical Policy and Standards. (1980). Report on Statistical Disclosure and Disclosure-Avoidance Techniques, Statistical Working Paper 2, U.S. Department of Commerce.
- 27 U.S. Office of Federal Statistical Policy and Standards. (1994). Report on Statistical Disclosure and Limitation Methodology, Statistical Working Paper 22, U.S. Department of Commerce.
- 28
Willenborg, L. C. R. J. &
de Waal, A. G.
(1996).
Statistical Disclosure in Practice, Springer Lecture Notes in Statistics 111,
Springer-Verlag,
New York.
10.1007/978-1-4612-4028-0 Google Scholar
