Privacy reference architecture for personal information life cycle

Abstract

The increased commercial use (and value) of PII(Privacy Identifiable information), the sharing of PII across legal jurisdictions, and the growing complexity of ICT systems, makes it extremely difficult for an organization to ensure privacy and to achieve compliance with the various laws and regulations. Additionally, the open nature and characteristics of the Internet and its communication protocols can lead to a loss of information privacy when PII is used in a way that was not originally intended. Uncertainty or distrust can arise as a result of how an organization or other entity handles information privacy matters and as a result of cases of PII misuse. This paper proposes a security model for the management of personal information by each lifecycle stage, so that the information and communication service providers, which collect, store, manage, and use personal information, can manage their customers' personal information more securely and efficiently. However, as the policy and technology designed to protect personal information vary in terms of application depending on the environment of each organization and enterprise, this paper presents general criteria. Therefore, the security requirements for each personal information lifecycle stage may be selectively applied to the environment appropriately for each organization and enterprise. © 2011 Springer-Verlag Berlin Heidelberg.