Data protection and privacy: a model for evidence management

Bibliographic details
Main author: Freund, Gislaine Parra
Publication date: 2023
Other authors: Dyllon Jeronimo de Macedo, Douglas; Basto Fagundes, Priscila
Document type: Article
Language: por
Source title: Em Questão (Online)
Full text: https://seer.ufrgs.br/index.php/EmQuestao/article/view/128009
Abstract: The legislation and regulations related to data protection and privacy present the requirements that organizations, processes, products, and environments need to meet to be considered secure. Among the recommended requirements, the “Accountability” and “Privacy Compliance” requirements stand out, which define that organizations must be responsible and able to demonstrate compliance with current laws and regulations. In addition to the challenge of implementing such requirements, it is necessary to adopt systematized processes that prove how and on what evidence these requirements are validated. This article presents a model called COM.PRIVACY to manage evidence of data protection and privacy to demonstrate diligence and compliance with good practice regulations. Design Science Research (DSR) was used as a research method for proposing the model. For its validation, COM.PRIVACY was applied in an organization that made it possible to observe and identify improvements during its use, in addition to submitting a questionnaire to specialists to evaluate the model. It was concluded that the model supports the validation and proof of compliance with data protection and privacy requirements in all data processing operations, and can be adopted both in the activity of adequacy and implementation of regulations, in the process of measurement and verification of compliance with them, as well as to promote transparency in the processing of data to their holders.
id UFRGS-8_7e1733620201f7177687d07a38c72885
oai_identifier_str oai:seer.ufrgs.br:article/128009
network_acronym_str UFRGS-8
network_name_str Em Questão (Online)
dc.title.none.fl_str_mv Data protection and privacy: a model for evidence management
Proteção e privacidade de dados: um modelo para o gerenciamento de evidências
dc.contributor.author.fl_str_mv Freund, Gislaine Parra
Dyllon Jeronimo de Macedo, Douglas
Basto Fagundes, Priscila
dc.subject.por.fl_str_mv data protection; data privacy; evidence management; information security
proteção de dados
privacidade de dados
gerenciamento de evidências
segurança da informação
dc.date.none.fl_str_mv 2023-11-20
dc.type.driver.fl_str_mv info:eu-repo/semantics/article
info:eu-repo/semantics/publishedVersion
Peer reviewed
dc.identifier.uri.fl_str_mv https://seer.ufrgs.br/index.php/EmQuestao/article/view/128009
10.1590/1808-5245.29.128009
dc.language.iso.fl_str_mv por
dc.relation.none.fl_str_mv https://seer.ufrgs.br/index.php/EmQuestao/article/view/128009/90204
https://seer.ufrgs.br/index.php/EmQuestao/article/view/128009/90315
https://seer.ufrgs.br/index.php/EmQuestao/article/view/128009/90316
https://seer.ufrgs.br/index.php/EmQuestao/article/view/128009/90317
dc.rights.driver.fl_str_mv https://creativecommons.org/licenses/by/4.0
info:eu-repo/semantics/openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv Universidade Federal do Rio Grande do Sul, Faculdade de Biblioteconomia e Comunicação, Programa de Pós-Graduação em Ciência da Informação (Porto Alegre/RS)
dc.source.none.fl_str_mv Em Questão; Vol. 29 (2023)
1808-5245
1807-8893
reponame:Em Questão (Online)
instname:Universidade Federal do Rio Grande do Sul (UFRGS)
instacron:UFRGS
repository.name.fl_str_mv Em Questão (Online) - Universidade Federal do Rio Grande do Sul (UFRGS)
repository.mail.fl_str_mv emquestao@ufrgs.br||emquestao@ufrgs.br
_version_ 1789438637042040832