Abstract
This research aims to ascertain how to effectively mitigate privacy risks in IoT devices. A user-centric approach is employed to increase user control and flexibility. After a detailed analysis of the extant literature, critical success factors that are credited with alleviating risks in IoT devices were synthesised and collated. These include anonymity, transparency, simplicity, explicit consent and GDPR. An instrument was developed based on these factors to ascertain which of them are considered to be the most effective. Data were collected and analysed from 341 IoT device users, data protection/IT professionals, and IoT device manufacturers in the industry. Findings from this analysis reveal that transparency is the most important critical success factor, followed by GDPR, anonymity, explicit consent, and simplicity, respectively. Based on these findings, a self-assessment scorecard was developed to enable analysts and decision-makers to assess their current performance against best practices and to effectively mitigate privacy risks in IoT devices.
Introduction
Privacy is widely seen as a significant barrier to the deployment of Internet of Things (IoT) technologies [1]. Users are particularly concerned about the recording of their private activities [2], and the collection and sharing of their personal data [3]. Users of IoT medical devices are especially concerned about the privacy threats associated with the collection and sharing with third parties of personal data such as the user’s dietary habits, exercise information, running routes and sleep patterns [4]. Safeguarding privacy becomes increasingly challenging when IoT medical devices (such as smart test kits, smart assistive technologies, and smart meters/monitors) are utilized at home [5]. Privacy is more subjective than security, which is more objective and less debatable, because security practices are easier to measure and assess than privacy practices [6]. For example, the type of encryption used on the device or in the cloud is quantifiable, whereas privacy involves a great deal of obscurity and complexity. Consequently, there is a need for relevant privacy protection legislation [7], policies [8], approaches [9] and practice [10].