Dissertations / Theses on the topic 'Privacy practices'

Current usage of the DNS system is a significant loophole of Internet users' privacy, as all queries and answers for resolving web address are not protected in most cases. The report elaborates which Internet users' privacy interests exist, and presents the current technologies to enhance DNS Privacy through a systematic literature review. The report also explores the limitations of the current practices and presents several proposals such as DNS-over-Tor and methods to change the trusted recursive resolver to mitigate current limitations periodically.
Den nuvarande användningen av DNS-systemet är ett signifikant kryphål för internetanvändares integritet, eftersom alla frågor och svar som krävs för att konvertera en webbadress till IP-adress inte skyddas i de flesta fall. Rapporten identifierar internetanvändarnas integritetsintressen och presenterar den nuvarande tekniken som syftar till att förbättra DNS-sekretessen genom en systematisk litteraturgranskning. Rapporten undersöker också begränsningarna i den nuvarande praxis och redovisar flera förslag såsom DNS-över-Tor och metoder som möjliggör periodiskt ändring av rekursiva resolvrar, och de metoderna förväntas att minimera integritetsläckor.

Internet of Things (IoT) devices are becoming more and more common in homes, making the security and privacy of these increasingly important. Previous research has found that home IoT users can become a threat to themselves if they lack knowledge of their devices and awareness of potential threats. To investigate how the users’ security and privacy practices can be improved, it is necessary to understand the current everyday practices and what impacts these. This is examined in 10 interviews, revealing that the practices are primarily influenced by convenience, motivation and the effort required from the user. Using these insights, this thesis suggests that tangible interaction needs to be used as a complement to digital solutions to improve the security and privacy practices. By having a physical object that in a simple way can inform everyone of the current security and privacy situation and is equally accessible for all members of a household, the security and privacy can become more attainable for all users no matter their level of knowledge and experience.
Internet of Things (IoT) enheter har blivit vanligt förekommande i hem vilket gör deras säkerhet och integritet allt viktigare. Det har tidigare visats att användare av IoT i hemmet kan utgöra ett hot mot sig själva om de saknar kunskap om enheterna och kännedom om potentiella hot. För att undersöka hur användarnas vanor kring säkerhet och integitet kan förbättras är det först nödvändigt att utforska de nuvarande vanorna och vad som påverkar dessa. Detta undersöks i tio intervjuer som visar att vanorna främst påverkas av bekvämlighet, motivation och ansträngningen som krävs av användaren. Utifrån dessa insikter föreslås det att fysisk interaktion används som ett komplement till digitala lösningar för att förbättra vanorna kring säkerhet och integritet. Genom att ha ett fysiskt objekt som på ett enkelt sätt kan förmedla enheternas nuvarande status och är lika tillgängligt för alla medlemmar i ett hushåll kan säkerhet och integritet bli mer uppnåeligt för alla användare, oavsett deras nivå av kunskap och erfarenhet.

Health research is the single vehicle for uncovering the varying causes of disease or illness, understanding the broader determinants of health, and discovering new or to validating traditional ways of treating the individuals who suffer from these conditions. Thus, health research activities are at the heart of medical, health and scientific developments. While health research activities exemplify some of the greatest hopes for improved health-care, they also highlight public concerns for the protection of personal health information (PHI). More specifically, advances in modern information technology and the increasing pace of international collaborative studies raise challenging issues regarding privacy protection in health research. The extensive quantities of data housed in general-use databases and electronic health records (EHRs) are two frequently cited examples of “electronic health information” that are now increasingly available to researchers globally . For example, individual discrete studies are expanding into long-term prospective disease or treatment databases without clear research questions and involving multiple research teams and jurisdictions. As well, EHRs are increasingly taking a prominent role in Western industrialized nations such as England, Australia, New Zealand, Germany, the Netherlands, the United States, as well as Canada. The expected large scale demand for the secondary uses of personal health information (PHI) from electronic health records represents another significant challenge to privacy. EHRs facilitate clinical and population-based health research not only in terms of secondary uses, such as retrospective observational studies, but also for prospective cohort studies. In Canada today, there are two documents that provide direction that is applicable at a national level to privacy protection practices in health research: The Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans (TCPS 2) and the CIHR Best Practices for Protecting Privacy in Health Research (CIHR BPPP). The TCPS 2, a policy document, is the most influential Canadian policy applicable to the ethics of research with human participants and widely followed by Canadian researchers and institutions. Conversely, use of the CIHR BPPP is purely optional. Canadian REBs are responsible for much of the governance of privacy, confidentiality and security in health research. However, the extent to which they apply and utilize the privacy provisions from the TCPS 2 and CIHR BPPP in their protocol requirements is not known. This thesis provides a descriptive comparative study of the international and Canadian contexts for privacy protection in health research and produces a greater understanding of two Canadian stakeholder groups: the Canadian public, whose participation and trust is imperative for valid research; and Canadian Faculty of Medicine (FoM) university biomedical REBs with whom much responsibility for ensuring appropriate protection of privacy and confidentiality in health research rests.

The most significant issue facing the growth of eCommerce is trust. This research was conducted to determine the type of information users are willing to allow entities to collect online, such as a user's email addresses and click-stream behavior, and its affect on trust. This study determined empirically that participants were more willing to submit non-personally identifying data (e.g., clickstream data) over personally identifying information (e.g., email address); participants were wary of submitting any personal information such as an email address; when a participant submits an email address, it may not be his or her primary email address; the opting defaults for solicitations did not affect trust; participants did not read the privacy policy; and that these findings applied to all web sites, regardless of whether they were shopping/commerce, community, download, or informational. Based on the results, several design guidelines were developed to aid web site designers in creating trusted sites.

Thesis (MComm)--Stellenbosch University, 2002.
ENGLISH ABSTRACT: One of the phenomena's in the marketing industry of the past decade is the increased use of database marketing. Database marketing involves the collection, processing and dissemination of vast amounts of consumer information in order to compile detailed consumer databases. The increasing popularity of database marketing can be attributed to various factors. Consumer information can now be obtained easier, cheaper and faster due to the availability of information technology. It has become easier to segment consumer markets and it is possible to identify consumer trends. It is possible to make predictions of consumer behaviour or buying patterns because consumer databases provide a more complete consumer profile with information ranging from demographics, psycho graphics to life-style information. Database technology improves the efficiency and effectiveness of marketing campaigns because marketers can analyse the available information and select the most appropriate marketing strategies and tactics, while concentrating efforts on the most profitable consumer. Marketers therefore waste less effort, money, and other resources by not promoting to individuals who are unlikely to react upon such offers. Widespread databases assist marketers in offering products that are more reasonably priced and more precisely tailored for smaller, more homogeneous market segments. Improved product and service offerings as well as the availability of a wider variety of products and services will likely result in higher consumer satisfaction and could build consumer loyalty. Therefore, marketers use consumer information to improve the overall marketing strategy and individual customer service. Consumers are concerned about database marketing practices because consumers believe some data practices invade personal privacy. The need for privacy has always been inherent to human nature and the concept of privacy dates back to early mankind. One should however differentiate between an individual's basic need for privacy from a general perspective and privacy within a consumer-marketer context. Privacy from a general perspective refers to one's territoriality and need for physical seclusion, whereas consumer privacy mainly relate to the privacy of personal information. Bennett, as well as Stone and Stone proposed that a state of privacy exist when a consumer can control social interaction, unwanted external stimuli, and the dissemination of personal information as well as being able to make independent decisions without outside interference. Consumers' need for privacy is however, in conflict with the need for social interaction and the need to participate in commercial exchange relationships. The more a person interacts with other members of society, the more the person could expect to compromise some privacy. This implies that when consumers participate in a business transaction, or where an exchange relationship exists between the database marketer and consumer, consumers could expect that a degree of privacy will be lost. Consumer groups however, argue that some marketing practices invade the reasonable amount of privacy consumers should be able to expect. The raising consumer concern for privacy is attributable to several reasons. The primary driver of consumer concern is the general lack of knowledge on data collection and use. Other reasons for the raising privacy concern include the type of information collected and the amount of control consumers have over subsequent use of data; the use of personal information to identify specific individuals; collection and use of sensitive information, such as medical and financial data; the volume of information collected and used; secondary information use; the use and dissemination of inaccurate databases; the collection and use of children's data; the lack of tangible benefits received in exchange for information provided; and the use of consumer information for financial gain. Consumers have also expressed concern about electronic database marketing practices because of the secrecy in data collection and use. However, privacy concerns may vary depending on consumers' cultural orientation, age, perception on what constitutes good marketing ethics or the specific methods employed to obtain consumer data. One could distinguish between several consumer clusters when considering consumers" attitudes on database marketing practices and personal privacy. In this regard the typical South African consumer is classified as a "pragmatist". Pragmatists are concerned with privacy to the extent they are exposed to database marketing activities. The South African database marketing industry is still in its infancy phase and as the industry progress, and consumers become more knowledgeable, privacy concerns are likely to increase. It is important to address the issues that raise consumer privacy concerns and to find solutions for ensuring sustainable database marketing practice in future. Marketers' information needs and consumers' privacy needs should somehow be balanced in order to withhold government intervention. Compromises from both sides are necessary to reach a more balanced relationship between the two parties. The successful outcome of the privacy debate will depend on marketers' understanding of consumer privacy issues and by addressing these accordingly.Several approaches exist for regulating database marketing practices that invade consumer privacy: the implementation of information technology, self-regulation and government intervention. Self-regulation is preferred for regulating database marketing practices, whereas privacy-enhancing information technology is recommended as a supplemental tool for protecting consumer privacy. Government regulating seems to be the last resort because of unnecessary restrictions that might be imposed on database marketing activities. Recommended models for regulating database marketing activities and for protecting consumer privacy in South Africa are the Registration Model, together with elements of the Data Commissioner Model. These models were proposed after careful consideration of characteristics, unique to the South African database marketing industry. The models place the responsibility for data protection with the database marketer and the South African government, rather than with the consumer. The Registration Model and the Data Commissioner Model seems a viable combination for implementation in South Africa because these models acknowledge the fact that South African pragmatic consumers are not well educated and informed enough on privacy invading database marketing practices. This combination rarely involves any consumer participation and therefore suits the typical apathetic nature of South African consumers. The Registration Model acts like a notice system where an agency, currently the Direct Marketing Association of South Africa, develops principles of fair information practices to which registered marketers need to comply with. A commission, an element of the Data Commissioner Model, has power to investigate consumer complaints, constrain development of databases, review data practices and advise on improvements on data collectors' systems. The commission could also monitor advancements in information technology that may enhance consumer privacy. The only problem with these models seems to be that the agency and or the commission have no authoritative power to enforce compliance with principles and codes of conduct. Industry self-regulation in conjunction with some governmental control and the application of information technology seems to be useful in providing adequate levels of consumer privacy and data protection. Such a combination might strike a balance between South African consumers' need for privacy and South African marketers' need for consumer information.
AFRIKAANSE OPSOMMING: Een van die verskynsels in die bemarkingsindustrie oor die afgelope dekade is die toenemende gebruik van databasisbemarking. Databasisbemarking behels die insameling, prosessering en verspreiding van groot hoeveelhede verbruikersinligting met die doelom gedetailleerde verbruikersdatabasisse saam te stel. Die toenemende gewildheid van databasisbemarking kan toegeskryf word aan verskeie faktore. Inligtingstegnologie maak dit baie makliker, goedkoper en vinniger om verbruikersinligting te bekom. Dit raak al hoe makliker om verbruikersmarkte te segmenteer en dit is moontlik om verbruikers tendense te identifiseer. Voorspellings kan ook gemaak word ten opsigte van verbruikersgedrag en aankooppatrone omdat die omvang van inligting in verbruikersdatabasisse strek vanaf demografiese, psigografiese tot lewenstylinligting en daarom 'n baie meer volledige verbruikersprofiel bied. Databasistegnologie verbeter die doeltreffendheid en effektiwiteit van bemarkingsveldtogte omdat bemarkers beskikbare inligting kan analiseer en die mees gepaste bemarkingstrategieë en taktieke kan selekteer, terwyl programme gerig kan word op die mees winsgewinde verbruiker. Bemarkers sal dus minder moeite, geld en ander hulpbronne vermors deurdat bemarkingsprogramme nie gerig word op individue wat heel waarskynlik nie op sulke aanbiedinge sal reageer nie. Omvangryke databasisse help bemarkers om goedkoper produkte te bied wat meer presies ontwerp is op kleiner, meer homogene marksegmente te dien. Verbeterde produk en diens aanbiedinge tesame met die beskikbaarheid van 'n wyer verskeidenheid van produkte en dienste, sal heel waarskynlik hoër verbruikersatisfaksie tot gevolg hê en kan verbruikerslojaliteit bewerkstellig. Dus, bemarkers gebruik verbruikersinligting om die algehele bemarkingstrategie en individuele diens aan verbruikers te verbeter. Verbruikers het belang by databasis bemarkingspraktyke omdat verbruikers glo dat sommige data praktyke inbreuk maak op persoonlike privaatheid. Die behoefte aan privaatheid was nog altyd inherent aan die menslike natuur en die konsep van privaatheid dateer terug tot vroeë beskawings. Daar behoort egter 'n onderskeid getref te word tussen 'n individu se basiese behoefte aan privaatheid vanuit 'n algemene perspektief en privaatheid vanaf 'n verbruiker-bemarker konteks. Privaatheid, vanaf 'n algemene perspektief, verwys na 'n individu se persoonlike ruimte en die behoefte aan fisiese afsondering, teenoor verbruikersprivaatheid wat hoofsaaklik verband hou met die privaatheid van persoonlike inligting. Bennett, sowel as Stone en Stone het voorgestel dat 'n mate van privaatheid heers wanneer 'n verbruiker beheer het oor sosiale interaksies, ongewenste eksterne prikkels, die verspreiding van persoonlike inligting, sowel as om in staat te wees om onafhanklike besluite te neem sonder invloed van buite. Verbruikers se behoefte aan privaatheid is egter in konflik met die behoefte aan sosiale interaksie en die behoefte om deel te neem aan kommersiële transaksies. Hoe meer 'n persoon in wisselwerking tree met ander lede van die gemeenskap, hoe meer kan die persoon verwag om 'n mate van privaatheid op te offer. Dit impliseer dat wanneer verbruikers deelneem in 'n besigheidstransaksie of waar 'n ruilverhouding bestaan tussen die databasisbemarker en verbruiker, kan verbruikers verwag dat 'n mate van privaatheid verlore sal gaan. Verbruikers kan 'n redelike mate van privaatheid verwag, maar verbruikersgroepe argumenteer dat sommige bemarkingspraktyke inbreuk maak op hierdie redelike verwagting van privaatheid. Die toenemende verbruikersbelang by privaatheid is toeskryfbaar aan verskeie redes. Die primêre dryfkrag agter verbruikers se belang is die algemene gebrek aan kennis oor data insameling en gebruik. Ander redes wat bydrae tot die toenemende belang by privaatheid sluit in die tipe inligting ingesamel en die hoeveelheid beheer verbruikers het oor die daaropeenvolgende gebruik van data; die gebruik van persoonlike inligting om spesifieke individue te identifiseer; die insameling en gebruik van sensitiewe inligting, soos byvoorbeeld mediese en finansiële data; die hoeveelheid inligting wat ingesamel en gebruik word; sekondêre gebruik van inligting; die gebruik en verspreiding van onakkurate databasisse; en die insameling en gebruik van verbruikersinligting om finansieël voordeel daaruit te trek. Verbruikers het ook belang getoon teenoor elektroniese databasis bemarkingspraktyke as gevolg van die geheimhouding oor data insameling en gebruik. Die belang by privaatheid mag egter varieër afhangende van verbruikers se kulturele oriëntasie, ouderdom, persepsie van wat goeie bemarkingsetiek behels of die spesifieke metodes gebruik om data aangaande verbruikers te bekom. Daar kan onderskei word tussen verskeie verbruikersgroepe wanneer verbruikershoudings teenoor databasis bemarkingspraktyke en persoonlike privaatheid oorweeg word. In hierdie verband kan die tipiese Suid-Afrikaanse verbruiker geklassifiseer word as 'n pragmatis. Pragmatiste is besorg oor privaatheid tot die mate waartoe hulle blootgestel is aan databasisbemarkingsaktiwiteite. Die Suid-Afrikaanse databasis industrie is nog in die beginfase en soos die industrie groei en verbruikers meer ingelig raak, sal besorgdheid oor privaatheid heelwaarskynlik ook toeneem. Dit is belangrik om die kwessies wat besorgdheid oor verbruikersprivaatheid veroorsaak aan te spreek en om oplossings te vind om volhoubare databasisbemarkingspraktyke in die toekoms te verseker. Daar moet gepoog word om bemarkers se behoefte aan inligting en verbruikers se behoefte aan privaatheid in ewewig te bring om sodoende owerheidsinmenging te voorkom. Opofferings van beide partye is nodig om 'n meer gebalanseerde verhouding tussen die twee partye te bewerkstellig. Die suksesvolle uitkoms van die privaatheidsdebat sal afhang van bemarkers se begrip vir verbruikersprivaatheidskwessies en om dit dienooreenkomstig aan te spreek. Die regulering van databasisbemarkingspraktyke wat inbreuk maak op verbruikersprivaatheid kan verskillend benader word: die implementering van inligtingstegnologie, self-regulering en owerheids-inmenging. Self-regulering word verkies as basis om databasisbemarkingspraktyke te reguleer, terwyl privaatheids-bevorderende inligtingstegnologie aanbeveel word as bykomende gereedskap om verbruikersprivaatheid te beskerm. Owerheidsregulering word gesien as die laaste uitweg as gevolg van onnodige beperkinge wat dit mag plaas op databasisbemarkingsaktiwitei te. Die voorgestelde modelle vir die regulering van databasis bemarkingsaktiwiteite en vir die beskerming van verbruikersprivaatheid in Suid Afrika, is die Registrasie Model, tesame met elemente van die Data Kommissaris Model. Hierdie modelle is voorgestel nadat eienskappe, uniek aan die Suid Afrikaanse databasisbemarkingsindustrie, deeglik oorweeg IS. Die modelle plaas die verantwoordelikheid van data beskerming in die hande van die databasisbemarker en die Suid-Afrikaanse owerheid, eerder as by die verbruiker. Die Registrasie Model en die Data Kommissaris Model blyk 'n uitvoerbare kombinasie vir implementering in Suid Afrika te wees, omdat hierdie modelle die feit inagneem dat Suid Afrikaanse pragmatiese verbruikers nie goed genoeg opgevoed en ingelig is oor die databasisbemarkingsaktiwiteite wat inbreuk maak op privaatheid nie. Hierdie kombinasie behels selde verbruikersdeelname en is daarom gepas by die tipiese apatiese aard van Suid Afrikaanse verbruikers. Die Registrasie Model dien as 'n kennisgee-stelsel waar 'n agentskap, tans die Direkte Bemarkings Assosiasie van Suid Afrika, beginsels vir regverdige inligtingspraktyke ontwikkel waaraan geregistreerde databasisbemarkers moet voldoen. 'n Kommissie, 'n element van die Data Kommissaris Model, het mag om verbruikersklagtes te ondersoek, die ontwikkelling van databasisse aan bande te lê en om datapraktyke te hersien en advies te gee oor verbeteringe in die stelsels van data-insamelaars. Die kommissie kan ook ontwikkelinge in inligtingstegnologie wat verbruikersprivaatheid bevorder, monitor. Die enigste probleem met hierdie modelle blyk te wees dat die agenstkap en die kommissie geen gesag het om te verseker dat beginsels en kodes van goeie gedrag afgedwing word nie. Industrie self-regulering, tesame met 'n mate van owerheidsbeheer en die implementering van inligtingstegnologie blyk nuttig te wees om voldoende vlakke van verbruikers-privaatheid en data beskerming te verseker. Dié kombinasie kan moontlik 'n balans vind tussen Suid Afrikaanse verbruikers se behoefte aan privaatheid en Suid Afrikaanse bemarkers se behoefte aan verbruikersinligting.

Changes to the technological landscape of the National Health Service (NHS) in the UK have often raised debates on information privacy and patient confidentiality. This has been especially pertinent in the context of HIV health services, where patient records have been historically segregated from hospital notes to protect confidentiality and account for the nature of the condition as a stigmatised terminal illness. However, as current anti-retroviral treatment extends life expectancy, HIV is increasingly managed in ways similar to other chronic conditions and integrated patient management has been proposed as best practice. This shift offers a unique opportunity to study reconfigurations of privacy and confidentiality practices from the perspective of data users. This thesis focuses on a technological integration project between the stand-alone systems used in two HIV specialist outpatient centres and the centralised Electronic Patient Records (EPR) of their respective NHS Hospital Trusts. The case study methodology draws on 46 semi-structured interviews with health and IT professionals, supplemented by an analysis of organisational documents and observation of work practices over a period of six months in the two clinics. In weaving together different theoretical concepts, this thesis contributes to an in-depth, empirically informed understanding of privacy and confidentiality practices in healthcare. Firstly, by looking at how HIV practitioners cultivate their professional identities at the intersection of general medical and HIV-specific confidentiality, this thesis argues that identity work is an important component in the reconfiguration of privacy practices. Secondly, this research draws attention to the role of political negotiations for privacy change, as HIV professionals and EPR developers came in conflict over the ethics of the technological integration project in the hospitals studied here. Thirdly, this thesis illustrates how confidentiality practices are shaped within the co-construction of information infrastructures and medical work, especially in relation to HIV normalisation. A number of implications for practice and policy also emerge from this study.

Il legislatore Europeo ha lavorato per anni per definire il concetto di sicurezza legato ai dati personali, definendo questa materia come Protezione dei Dati Personali. La Carta dei Diritti Fondamentali dell’Unione Europea, infatti, all'art. 8 garantisce ad ogni persona il diritto alla protezione dei dati di carattere personale che la riguardano. Così, con il continuo avanzare delle tecnologie informatiche il legislatore europeo ha deciso di adottare un Regolamento che si applica a tutte le persone presenti nell'Unione Europea e che per sua natura non necessita di alcun atto di recepimento da parte degli Stati membri: il Reg. UE 2016/679 (GDPR). Il Regolamento Generale sulla Protezione dei Dati è stato pubblicato nella Gazzetta Ufficiale dell’Unione europea il 4 Maggio 2016 e la sua applicazione decorreva dal 25 Maggio 2018. Questo regolamento si occupa nello specifico di focalizzare l’attenzione del titolare del trattamento e del responsabile del trattamento sull'importante questione della sicurezza riguardante la protezione dei dati con il fine ultimo di permettere all'interessato, i cui dati personali sono oggetto di trattamento, di veder rispettati i propri diritti. Il seguente elaborato si occupa di fornire una panoramica riguardante il Regolamento Generale sulla Protezione dei Dati, fornendo prima una descrizione di tutti gli aspetti importanti per capire meglio il contesto del regolamento (dati, privacy, sicurezza) per poi descrivere la normativa ed una serie di aspetti pratici per la sua applicazione, con particolare focus per i siti web.

Consumers have begun to take a more proactive approach to their healthcare by accessing pharmaceutical companies Websites to obtain health and drug information, support groups, rebates, coupons, as well as free drug trials. In exchange for these benefits, companies require consumers to voluntarily disclose information. However, research has shown that consumers continue to be concerned about how their information is managed, used, and distributed by companies, especially if accessed via the Web. To date, there has been limited empirical research to examine the actual online practices of companies when it comes to privacy, especially those of pharmaceutical companies. Using Delphi expert panel process, the components of a benchmarking index were identified to examine the documented and actual online practices of 100 Website registrations with pharmaceutical companies. The evolution for the development of an index to measure the personal information privacy violations of pharmaceutical companies is presented. Second, empirical evidence is provided regarding the magnitude of voluntary adherence to the Fair Information Practices (FIPs) by pharmaceutical companies based upon the personal information privacy violations. The results revealed that companies with headquarters in Europe had fewer personal information privacy violations than those in Asia, UK, and the US. Moreover, the results indicate that fewer personal information privacy violations occur for chronic conditions than for non-chronic conditions, as well as fewer violations occur with Website registrations for updates than for discounts. Finally, both Europe and UK demonstrated more overall adherence to FIPs than the US and Asia. This suggests that self-regulation may not be sufficient, while more enforcement may be necessary to decrease personal information privacy violations.

The European Union has introduced a new General Data Protection Regulation that regulates all aspects of privacy and data protection for the data of European citizens. To transition to the new rules, companies and public institutions were given two years to adapt their systems and controls. Due to the large area of changes the GDPR requires, many companies are facing severe problems to adapt the rules to be ready for enforcement. This marks the purpose of this study which is to look into compliance practices in the implementation of GDPR requirements. This includes a prospect of compliance mechanisms that may remain insufficiently addressed when the regulation comes into force on May 25, 2018. The study is conducted in Sweden and aims to investigate the situation in corporations and not in public institutions. Mixed methods have been applied by surveying and interviewing Swedish GDPR experts and consultants to gain an understanding of their view by using capability maturity scales to assess a variety of security processes and controls. The analysis shows a low implementation in GDPR requirements while having seen improvements over the past two years of transition. It points out that a holistic strategy towards compliance is mostly missing and many companies face obstacles that are difficult to overcome in a short period. This may result in non-compliance in many Swedish corporations after the regulation comes into force on May 25.

Whereas there are various initiatives to standardize the storage, processing and use of electronic patient information in the South African health sector, the sector is fragmented through the adoption of various approaches on national, provincial and district levels. Divergent IT systems are used in the public and private health sectors (“Recommendations of the Committee on …” 2003). Furthermore, general practitioners in some parts of the country still use paper as a primary means of documentation and storage. Nonetheless, the use of computerized systems is increasing, even in the most remote rural areas. This leads to the exposure of patient information to various threats that are perpetuated through the use of information technology. Irrespective of the level of technology adoption by practitioners in private healthcare practice, the security and privacy of patient information remains of critical importance. The disclosure of patient information whether intentional or not, can have dire consequences for a patient. In general, the requirements pertaining to the privacy of patient information are controlled and enforced through the adoption of legislation by the governing body of a country. Compared with developed nations, South Africa has limited legislation to help enforce privacy in the health sector. Conversely, Australia, New Zealand and Canada have some of the most advanced legislative frameworks when it comes to the privacy of patient information. In this dissertation, the Australian, New Zealand, Canadian and South African health sectors and the legislation they have in place to ensure the privacy of health information, will be investigated. Additionally, codes of practice and guidelines on privacy of patient information for GPs, in the afore-mentioned countries, will be investigated to form an idea as to what is needed in creating and formulating a new code of practice for the South African GP, as well as a pragmatic tool (checklist) to check adherence to privacy requirements.

This thesis focuses on the architectural production of Red Vienna in 1920s to examine the bourgeois conception of social housing program in a governmental socialist understanding of housing. Having a structural transformation through the First World War, Vienna became the enclave of Socialist Democrat Party and thereafter underwent radical housing and cultural transformative programs. Within these programs, it was intended to give the working-class the accurate social position by means of provided accessibility to their own private and public spheres. Among a wide range of housing examples built during the governance of the party, Karl Marx Hof, one of the largest projects, has been chosen to examine the reflections of bourgeois conception of culture. Based on the contradictory discourse and practices in political, architectural and cultural realms, the aim of the research is to redefine the privacy of the dwellings and the public qualities of the common spaces and thereafter to situate the proletarian housing in relation to bourgeois spatial values within the history of domestic space in Vienna.

A thesis submitted in partial fulfillment of the requirements for the degree of Doctor in Information Management, specialization in Geographic Information Systems
Location data is essential to the provision of relevant and tailored information in location-based services (LBS) but has the potential to reveal sensitive information about users. Unwanted disclosure of location data is associated with various threats known as dataveillance which can lead to risks like loss of control, (continuous) monitoring, identification, and social profiling. Striking a balance between providing a service based on the user’s location while protecting their (location) privacy is thus a key challenge in this area. Although many solutions have been developed to mitigate the data privacy-related threats, the aspects involving users (i.e. User Interfaces (UI)) and the way in which location data management can affects (location) data privacy have not received much attention in the literature. This thesis develops and evaluates approaches to facilitate the design and development of privacy-aware LBS. This work has explicitly focused on three areas: location data management in LBS, the design of UI for LBS, and compliance with (location) data privacy regulation. To address location data management, this thesis proposes modifications to LBS architectures and introduces the concept of temporal and spatial ephemerality as an alternative way to manage location privacy. The modifications include adding two components to the LBS architecture: one component dedicated to the management of decisions regarding collected location data such as applying restriction on the time that the service provider stores the data; and one component for adjusting location data privacy settings for the users of LBS. This thesis then develops a set of UI controls for fine-grained management of location privacy settings based on privacy theory (Westin), privacy by design principles and general UI design principles. Finally, this thesis brings forth a set of guidelines for the design and development of privacy-aware LBS through the analysis of the General Data Protection Regulation (GDPR) and expert recommendations. Service providers, designers, and developers of LBS can benefit from the contributions of this work as the proposed architecture and UI model can help them to recognise and address privacy issues during the LBS development process. The developed guidelines, on the other hand, can be helpful when developers and designers face difficulties understanding (location) data privacy-related regulations. The guidelines include both a list of legal requirements derived from GDPR’s text and expert suggestions for developers and designers of LBS in the process of complying with data privacy regulation.

In the United States, notice and choice remain the most commonly used mechanisms to protect people’s privacy online. This approach relies on the assumption that users provided with notice will make informed choices that align with their privacy expectations. The goal of this research is to empirically inform industry and regulatory efforts that rely on notice and choice to protect people’s online privacy. To do so, we present a set of case studies covering different aspects of privacy notice and choice in four domains: online behavioral advertising (OBA), online social networks (OSN), financial privacy notices, and websites’ machine-readable privacy notices. We investigate users’ privacy preferences, information needs, and ability to exercise choices in the OBAdomain. Based on our results, we provide recommendations to improve the design of notice and choice methods currently in use in this domain. In the context of OSNs, we explore the effect of nudging notices designed to encourage more thoughtful disclosures among Facebook users and recommend changes to the Facebook user interface aimed to mitigate problematic disclosures. We demonstrate how standardized notices enable large-scale evaluations and comparisons of companies’ privacy practices and argue that standardized privacy notices have an enormous potential to improve transparency and benefit users, privacy-respectful companies, and oversight entities. We argue that, in today’s complex Internet ecosystem, an approach that relies on users to make privacy decisions should also empower them with user-friendly interfaces, relevant information, and the tools they need to make privacy decisions. Finally, we further argue that notice and choice are necessary, but not sufficient to protect online privacy, and that government regulation is necessary to establish necessary additional protections including access, redress, accountability, and enforcement.

The main aim of this thesis is to construct efficient protocols to help preserve privacy of users in today's digital world. We are interested in not only theoretically sound constructions but also those which could be deployed in practice. In particular, we are interested in constructions whose security could be based on standard assumptions rather than idealized ones which are hard to realize in real life. We look at different types of protocols which include: proof systems, blind signatures, group signatures and their applications. We investigate the security of such schemes and present new efficient constructions. We investigate the Groth-Sahai proof system and extend its applicability to new settings which were not possible before. We then provide some efficient implementations of different proof systems in different models and compare and contrast their efficiency. For such implementations, we present optimization techniques which make the proofs more efficient and hence more suitable for being deployed in practice. For instance, we provide details of how to efficiently batch verify such proofs which would significantly speed up the verification process. In particular, we look at the case of using proof systems for the problem of circuit satisfiability. We also look at another application of proof systems and consider the case of proving set membership with as little interaction as possible. We then turn our attention to different variants of signature schemes where we present a new efficient blind signature scheme whose security is proved under standard assumptions. We also look at group signatures and related primitives where we formally investigate the security of group blind signatures for which we present a formalized security model for the first time. This would promote more rigorous security proofs. We then present an efficient construction which has a number of desirable properties and yet its security does not rely on any non-standard assumptions.

With the rapid growth of mobile, ubiquitous and wearable computing, location-based services become an indispensable part of mobile internet. These services rely on the geographical position of the mobile devices and provide location-dependent contents or services to users, such as location-based in- stant messaging, POI browsing, map navigation, and location-based virtual reality games. Most existing systems implement these location-based services by always storing and transmitting raw, plaintext GPS coordinates. However, location information is arguably a private asset of individual user, and the disclosure of such information could lead to severe privacy disclosure of other even more sensitive information, such as religion, sexuality, medical condition, or political affiliation. To address this issue, researchers have proposed a series of techniques to protect user location privacy against location-based service providers. How- ever, it is challenging to apply these theoretical and sophisticated techniques ii to practical location systems because of the computational or network over- head imposed on the mobile devices as well as the complexity of the secure protocols and algorithms for application developers. In this thesis, I will study two real-life privacy-preserving location systems and show how they can be adopted by developers with little security background. The rst is outdoor proximity detection that determines whether two users (or a user and an ob- ject) are within a given distance threshold. This is a fundamental service in many geo-social or map services. For example, \People nearby" in Wechat and QQ interconnect users because of their locality and/or mutual interests in some topics, such as food and movies. The second is indoor location mon- itoring and tracking. Wearable devices such as smart watch and bracelets continually broadcast Bluetooth Low Energy signals, which can be easily cap- tured by monitoring devices such as WiFi routers and Bluetooth scanners. As more and more wearable devices emerge, unauthorized monitoring and track- ing by adversary becomes great privacy threats not only in the cyberworld, but also in the physical world. To protect location privacy, I develop a real- life location monitoring system that is based on Bluetooth Low Energy (BLE) privacy feature that changes the device physical address periodically. To en- able users to better control their privacy level while still providing monitoring and tracking service to authorized parties (e.g., for child and elderly care), I extend BLE privacy by enriching its privacy semantics with a comprehensive set of metrics, such as simple opt-in/out, k-anonymity, and granularity-based anonymity. Both systems have been posted online and evaluated in terms of accuracy and user study.

When in physical proximity, data can be directly exchanged between the mobile devices people carry - for example over Bluetooth. If people cooperate to store, carry and forward messages on one another's behalf, then an opportunistic network may be formed, independent of any fixed infrastructure. To enable performant routing within opportunistic networks, use of social network information has been proposed for social network routing protocols. But the decentralised and cooperative nature of the networks can however expose users of such protocols to privacy and security threats, which may in turn discourage participation in the network. In this thesis, we examine how to mitigate privacy and security threats in opportunistic networks while maintaining network performance. We first demonstrate that privacy-aware routing protocols are required in order to maintain network performance while respecting users' privacy preferences. We then demonstrate novel social network routing protocols that mitigate specific threats to privacy and security while maintaining network performance.

Data surveillance is the systematic use of personal data systems in the investigation or monitoring of the actions or communications of one or more persons. This collection of papers was the basis for a supplication under Rule 28 of the ANU's Degree of Doctor of Philosophy Rules. The papers develop a body of theory that explains the nature, applications and impacts of the data processing technologies that support the investigation or monitoring of individuals and populations. Literature review and analysis is supplemented by reports of field work undertaken in both the United States and Australia, which tested the body of theory, and enabled it to be articulated. The research programme established a firm theoretical foundation for further work. It provided insights into appropriate research methods, and delivered not only empirically-based descriptive and explanatory data, but also evaluative information relevant to policy-decisions. The body of work as a whole provides a basis on which more mature research work is able to build.

We are living in a time of fundamental changes in the dynamic between privacy and surveillance. The ubiquity of information technology has changed the ways in which we interact, empowering us through new venues of communication and social intimacy. At the same time, it exposes us to the prying eyes of others, in the shape of governments, companies, or even fellow humans. This creates a challenging environment for the design of 'privacy-aware' applications, exacerbated by a disconnect between abstract knowledge of privacy and concrete information requirements of privacy design frameworks. In this work, we present a novel approach for the modeling of contextual privacy preference and practice. The process guides a 'privacy analyst' through the steps of evaluating, choosing, and deploying appropriate data collection strategies; the verification and validation of the collected data; and the systematic transformation of the dense, unstructured data into a structured domain model. We introduce the Privacy Domain Modeling Language (PDML) to address the representational needs of privacy domain models. Making use of the structure of PDML, we explore the applicability of the information theoretic concept 'entropy' to determine the completeness of the resulting model. We evaluate the utility of the process through its application to the evaluation and re-design of a web application for the management of students' directory information and education records. Through this case study, we demonstrate the potential for automation of the process through the Privacy Analyst Work eNvironment (PAWN) and show the process's seamless integration with existing privacy design frameworks. Finally, we provide evidence for the value of using entropy for determining model completeness, and provide an outlook on future work.
Ph. D.

The ability to control one’s own personally identifiable information is a worthwhile human right that is becoming increasingly vulnerable. However just as significant, if not more so, is the right to health. With increasing globalisation and threats of natural disasters and acts of terrorism, this right is also becoming increasingly vulnerable. Public health practice – which is charged with the protection, promotion and mitigation of the health of society and its individuals – has been at odds with the right to privacy. This is particularly significant when location privacy is under consideration. Spatial information is an important aspect of public health, yet the increasing availability of spatial imagery and location-sensitive applications and technologies has brought location-privacy to the forefront, threatening to negatively impact the practice of public health by inhibiting or severely limiting data-sharing. This study begins by reviewing the current relevant legislation as it pertains to public health and investigates the public health community’s perceptions on location privacy barriers to the practice. Bureaucracy and legislation are identified by survey participants as the two greatest privacy-related barriers to public health. In response to this clash, a number of solutions and workarounds are proposed in the literature to compensate for location privacy. However, as their weaknesses are outlined, a novel approach - the multidimensional point transform - that works synergistically on multiple dimensions, including location, to anonymise data is developed and demonstrated. Finally, a framework for guiding decisions on data-sharing and identifying requirements is proposed and a sample implementation is demonstrated through a fictitious scenario. For each aspect of the study, a tool prototype and/or design for implementation is proposed and explained, and the need for further development of these is highlighted. In summary, this study provides a multi-disciplinary and multidimensional solution to the clash between privacy and data-sharing in public health practice.

Background: Following the publication of Andrew Wakefield’s article claiming a link between Autism and the MMR vaccine in 1998, the U.K. and U.S. experienced a decline in vaccination rates. Combating the anti-vaccine messages highlighted by the media are the medical providers, who are consistently reported as an influential source of information for parental vaccine decision making. Despite efforts of the medical and public health community, some developed countries have seen a resurgence of vaccine preventable diseases. Purpose: This study seeks to examine parental vaccination concern in a private pediatric practice in metropolitan Atlanta. Methods: A questionnaire was created by the PI to assess parental vaccination concerns, including items to assess parental feelings toward the providers and nurses regarding preventative care. Data was analyzed in SPSS version 19.0. The study was approved by the IRB at Georgia State University. Results: A total of 283 participant responses were included in the sample. Overall vaccine adherence was 96.1% (272). However, a large minority of participants who were considered to have vaccine concerns were identified: 40.3% (114) of participants responded yes to at least one vaccine hesitation item. Conclusion: Vaccine adherence in a private pediatric practice remains high. However some parents continue to have vaccination concerns and may be at risk for deviating from the vaccine schedule. Using qualitative methods to obtain parental beliefs may provide a deeper understanding of parental decisions to aid in the development of public health education programs. The feasibility of collecting data at a private pediatric practice is discussed.

In March of 2010, the 44th President of the United States, Barack Obama, signed into law a health care reform bill that will change the medical and business approach to healthcare that has been witnessed for quite some time. The Patient Protection and Affordable Care Act, aims to eliminate several inefficiencies encountered in our current health care system, as well as extend coverage by providing affordable care for the roughly forty six million Americans currently uninsured. Many of the changes will be implemented over the next several years, but hospitals, businesses, physicians, and insurance companies are no doubt planning ahead for the effects these changes will have on their particular industry. Although there will be many facets of change affecting all of the previously mentioned occupancies, the goal of this paper is to investigate the effect healthcare reform will have on private medical practices in the United States. The following sections will cover ways in which medicine has been practiced in the pre-reform era, historical attempts made to pass health reform legislation, several of the issues our current system faces along with the reform changes implemented to fix them. Then I will investigate the effect these changes will have, if any, and conclude by relating everything back to independent medical practices.

As Turkish Higher Education has been facing rapid and significant growth in recent decades, the creation of Foundation Universities (private but not-for-profit) has both supported this growth and presented new challenges. One of these challenges has been the visible absence of effective governance models and practices, specifically the involvement of internal and external stakeholders in decision-making processes. The aim of this research is to identify the factors affecting the emergence of established shared governance practices in Turkish private (Foundation) universities, in order to contribute to effective policy making and application by administrators and managers in higher education. Primarily based on qualitative data gathering methods through in-depth, semi-structured interviews with leading educators in Turkey, the thesis also utilizes publicly available data from official reports. The thesis identified several factors, such as Turkish Higher Education Culture, Politics, Regulations and Higher Education Law, Founding Principles and Trust, Loyalty and Ownership as being significantly influential in shaping an institution’s participatory governance practices; the level of institutionalization, or kurumsallaşma, however, has been found to be a mediating filter that determines the impact of these factors on the school. Claiming that Culture remains the dominating factor in preventing the establishment of shared governance mechanisms, this thesis concludes by making a variety of policy and practice recommendations ranging from regulatory changes to the entire system, to obtaining specific external audits and to establishing certain committee structures to increase internal stakeholder participation, as well as creating a culture that balances collegiality and corporate practices by placing individuals with skills in both modes of thinking to key nodes of governance.

Doctor of Philosophy
Department of Hospitality Management and Dietetics
Carol W. Shanklin
The purpose of this study was to survey country club professionals’ importance perceptions of food defense and the frequency with which preventive practices were implemented in their clubs to prevent bioterrorism. Gaps between importance perceptions and practice frequency were compared with concern of food terrorism and practice frequency implementation. Perceived self-efficacy measures and perceived barriers were compared with motivations to develop a food defense management plan and practice frequency implementation. Importance perceptions and practice frequencies were studied to ascertain if there were differences among operational factors. Club professionals with smaller gaps implemented preventive practices more frequently. Club professionals with higher self-efficacy levels were more motivated to develop food defense management plans and implemented preventive practices more frequently. Club professionals with higher barriers were less motivated to develop food defense management plans and implemented preventive practices less frequently. The field study component investigated food security practices in private country clubs. Club manager interviews and observations of operational practices were conducted. Most club managers stated that they did not think their clubs were at risk of a bioterrorist attack. Cost and lack of need were identified as barriers towards implementing a food defense management plan. Club employees were perceived to be more likely to initiate a bioterrorism attack than non-employees. Background checks and good employment practices were perceived as effective in increasing food security in clubs. Most clubs did not monitor arrivals and over half did not secure their chemicals. Based on the results of the field study, the researcher recommended several actions that could improve food security in country clubs including installing video surveillance and developing disaster management plans that include food defense. Recommendations for future research included continued examination of club managers’ self-efficacy perceptions towards biosecurity and identifying barriers to food defense implementation in other retail foodservice segments.

Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2010.
Cataloged from PDF version of thesis.
Includes bibliographical references (p. 87-91).
In recent years, there has been a rapid evolution of location-based vehicular and mobile services (e.g., electronic tolling, congestion pricing, traffic statistics, insurance pricing, location-based social applications), which promise tremendous benefits to users. Unfortunately, most such systems pose a serious threat to the location privacy of users because they track each individual's path. A question that arises naturally is how can we preserve location privacy of users while maintaining the benefits of such services? In this thesis, we address this question by tackling two general problems that are the foundation of many of the aforementioned services. The first problem is how to enable an untrusted server to compute agreed-upon functions on a specific user's path without learning the user's path. We address this problem in a system called VPriv. VPriv supports a variety of applications including electronic tolling, congestion pricing, insurance premium computation, and some kinds of social applications. The second problem is how to enable an untrusted server to compute aggregate statistics over all users' paths without learning any specific user's path. We tackle this problem in a system called PrivStats. With PrivStats, one can compute statistics such as traffic statistics (e.g., average speed at an intersection, average delay on a road, number of drivers at a location) or average ratings of a location in a social application. The computation and threat models for VPriv and PrivStats are different, and required markedly different solutions. For both systems, we provide formal definitions of location privacy and prove that our protocols achieve these definitions. We implemented and evaluated both systems, and concluded that they are practical on commodity hardware and smartphones.
by Raluca Ada Popa.
M.Eng.

Using a combined quantitative, qualitative approach, this study explores the teaching practices of outstanding faculty at a private, liberal arts institutions by posing questions that revolve around learner-centered teaching practices, characteristics of outstanding teachers, effective teaching, and pressures on the professoriate related to the phenomena of academic capitalism. Outstanding professors from the College of Arts and Sciences, and Schools of Business, Education, and Nursing were invited to participate in this research. Weimer's (2002) five learner-centered changes to teaching practice framed this investigative study. This conceptual framework consists of altering the role of the teacher, balancing power in the classroom between teacher and students, changing the function of course content, instilling student responsibilities for learning, and using different processes and purposes for evaluation that serve to guide teacher and students interactions throughout the course.The findings of the study suggest that faculty from the School of Education agree with and implement all five of Weimer's (2002) learner-centered changes to teaching practice. However, there is incongruence between the learner-centered teaching beliefs and learner-centered teaching practices of outstanding teachers from the College of Arts and Sciences and the Schools of Business and Nursing. This study seems to indicate that several pressures on the professoriate including the phenomena associated with academic capitalism affect teaching practices in the classroom. Existing learner-centered practice models can be informed by the salient findings of this study.

Providing privacy for users is an important matter, data is processed to an increasing extent including sensitive personal information. It is a liability for organizations to take responsibility for the privacy of their users. Organizations are required by law to handle personal information in accordance to General Data Protection Regulation (GDPR). But there is a gap between the legal requirements and the technical solutions. The framework Privacy by Design (PbD) presents guidelines to include privacy in a system but lacks concrete implementations. This paper investigates how PbD can be applied to a system and how it impacts the system development. The study adopts the approach of Colesky, Hoepman and Hillen to apply Privacy by Design in Practice. This was used to develop a system model with consideration of the privacy of users as well as functional requirements and the needs of system developers. The evaluation showed a positive attitude among system developers towards the proposed system model implementing PbD. The system developers estimated that the proposed system model would introduce a slight decrease in productivity but believed the positive aspects of applying privacy would outweigh the disadvantages.
Användares integritet har blivit allt viktigare i takt med att mer data hanteras, inklusive känslig personlig information. Organisationer är skyldiga att ta ansvar för sina användares integritet. Det är obligatoriskt enligt lag för organisationer att hantera personlig information i enlighet med kraven definierade i direktivet Allmän Dataskyddsförordning eller General Data Protection Regulation(GDPR) på engelska. Men det kvarstår en klyfta mellan de juridiska kraven och tekniska lösningar. Inbyggd integritet eller Privacy by Design(PbD) på engelska består av principer för att utforma system med hänsyn till integritet, men metoden saknar konkreta implementationer. Denna studie undersöker hur PbD kan appliceras i ett system och hur det påverkar systemutvecklingen. Studien använder Colesky, Hoepman och Hillens tillvägagångssätt för att applicera PbD i praktiken. Med denna metod utvecklades en modell av ett system som tar hänsyn till användarnas integritet likväl systemutvecklarnas behov och systemkrav. Utvärderingen visade att systemutvecklarna var positiva till den föreslagna systemmodellen implementerad med PbD. Systemutvecklarna estimerade att den föreslagna systemmodellen skulle medföra en lätt minskning i produktiviteten men förmodade att de positiva effekterna av inbyggd integritet skulle väga upp nackdelarna.

In recent years, entrepreneurship studies scholars have begun studying entrepreneurship from a process-oriented philosophy and with an interest in the prosaic, everyday practices of entrepreneurs. In keeping with these "new movement" approaches, I have tried to "catch" entrepreneurship as it is happening within the field of private investigations. An in-depth, two-year field study of private investigators engaged in the entwined practices of investigating and entrepreneuring was conducted. Methodologically, I shadowed five private investigators and interviewed an additional 25. Because shadowing is an emergent methodology, an in-depth discussion of conducting and writing shadowing research is provided. As noted in this discussion, it is important that writing remain primarily descriptive yet linked to dominant contemporary discourses. Consequently, an overview of dominant narrative themes in popular and academic discourses about private investigating and entrepreneurship are included. Based on the framework of this methodology, dominant narrative themes, and field notes, various culturally-situated accounts of private investigator practices are offered. The findings of this research project suggest that private investigators use various rhetorical and practical strategies to successfully and simultaneously complete investigative and business-related tasks, such as "planting suspicions," using gender and race to strategically position themselves in relation to others in opportunistic ways, and incorporating contemporary technology into their work routines. Drawing on actor-network-theory, I argue that opportunities are enacted through a series of taken-for-granted and everyday interactions among subjects and objects. This research privileges descriptive accounts over theory-building. However, the descriptive accounts of the practices of subjects and objects suggest pragmatic solutions for private investigators to create and manage entrepreneurial opportunities. For example, I propose that private investigators should collectively engage in practices that further professionalize their field. Such professionalizing activities would include, among other things, engaging in knowledge accumulation through academic and professional research activities and professional association public relations campaigns. Insights are also provided regarding the role of rhetoric and technology in opportunity creation and destruction. Readers interested in organization communication and theory will find many of the descriptions to be empirically rich examples of ethno-methods used by actors in highly institutionalized contexts. Similarly, these scholars may also find the descriptions to validate recent arguments regarding organizing as "hybridized actions" (or action nets) occurring in multiple spaces, places, and times. The examples herein demonstrate the usefulness of shadowing as an approach to understanding organizing practices, especially in fields where actors are always "on the move." Readers interested in private investigating will find many of the examples rich in techniques that will enhance profitability. Finally, readers interested in entrepreneurship studies will undoubtedly find many novel potential research projects that are embedded in the various thick descriptions throughout the document.

Thesis: S.M. in Management Research, Massachusetts Institute of Technology, Sloan School of Management, 2015.
Cataloged from PDF version of thesis.
Includes bibliographical references (pages 70-76).
Public-Private Partnerships (PPP) have emerged as a means to develop physical and social infrastructure assets in developing countries. PPPs enable governments to attract private sector investment in public infrastructure services, which would supplement public resources or release them for other public needs. They also allow governments to utilize the efficiency and expertise of the private sector in providing public services which have been traditionally delivered by the public sector. There has been an increased focus on developing alternatives to fossil fuels in recent times for sustainable development, which has put the spotlight on renewable energy sources. Renewable energy sources have largely been developed in the advanced economies, with emerging markets lagging behind. A possible reason could be that despite the rapid reduction in the cost of generating renewable energy in the past few years, the cost is still higher compared to the cost of conventional energy sources such as coal and natural gas. Increased private sector participation in the sector through the PPP mode may help to improve technologies and reduce costs in emerging markets, as has been the case in many developed countries. The aim of this thesis is to study some of the successful PPPs implemented in the renewable energy sector in emerging markets and identify best practices that have contributed to the success of these arrangements. These findings can be used as leamings for similar renewable energy programs in developing countries worldwide. Keywords: public-private partnerships, PPP, renewable energy, emerging markets, developing countries, South Africa, India, public policy, REIPPP, Charanka solar park, Gujarat, solar energy, solar parks, rooftop solar.
by .Ninad Rajpurkar
S.M. in Management Research

Made available in DSpace on 2016-04-27T14:48:47Z (GMT). No. of bitstreams: 1 Nadja Rodrigues da Silva.pdf: 2091688 bytes, checksum: 3f8fc51b9ee6e8e4743f9b9b6f8fc472 (MD5) Previous issue date: 2015-10-01
This study investigated the practices of literary and evaluation from the first two years of the elementary school level I teachers. The intent is to reveal how these practices are established in the classroom context, in order to evaluate the children passing through the literacy process. The research is developed in a qualitative perspective using as methodological procedures a semi-structured interview, a questionnaire, and observations in the classroom. The subjects of the research consisted of three female teachers that act in the early years of the elementary school level I in a private school of the São Paulo city. From the qualitative approach, the participant observation was the main strategy used in order to collect the data, which included recordings of situations experienced by the teachers and the schoolchildren. The descriptions arise from the literacy and evaluation events observed and from the interviews with the teachers, which consisted of speaking, reading, and writing skills. To discuss the literacy theme, we used the psychogenesis studies of Ferreiro and Telberosky (1999), and Soares (2003) as references. The theme evaluation was discussed using the works of Hoffmann (2009) and Luckesi (2011). Based on data analysis, the study evinced that the literacy and evaluations conceptions existent in the teachers practices resulted from different didactics pedagogical approaches
O presente estudo investigou as práticas de alfabetização e avaliação de professoras dos dois primeiros anos do ensino fundamental I. A pesquisa se desenvolveu numa perspectiva qualitativa e os procedimentos metodológicos foram entrevista semiestruturada, questionário e observação de aula, com registros de situações vivenciadas entre professoras e alunos. Os sujeitos da pesquisa são três professoras que atuavam nos primeiros anos do ensino fundamental I, em escola privada do município de São Paulo. No que se refere à alfabetização, tomamos como referência os estudos da psicogênese de Ferreiro e Teberosky (1999) e Soares (2013) e, para a avaliação as discussões apontadas por Hoffmann (2009) e Luckesi (2011). A partir das análises dos dados, o estudo evidenciou que as práticas de alfabetização e avaliação analisadas são decorrentes da apropriação e articulação de diferentes abordagens didático-pedagógicas

nÃo hÃ
O MinistÃrio de EducaÃÃo - MEC incluiu, em 2005, a responsabilidade social (RS) das instituiÃÃes de ensino superior â IES, como item de avaliaÃÃo. Trata-se de um conceito sinonÃmico, que se define por esta expressÃo e diversos outros termos correlatos. Em termos objetivos, foram analisados os discursos em torno dos projetos de responsabilidade social das IES, no que se refere Ãs formas de apropriaÃÃo e interpretaÃÃo das determinaÃÃes do MEC para este fim. Segundo o MEC (2010) os projetos de responsabilidade social devem discutir/intervir na: promoÃÃo da equidade social, na preservaÃÃo do meio ambiente e numa sÃrie de outras temÃticas. A pesquisa a foi realizada a partir de entrevistas semiestruturadas, observaÃÃo direta e anÃlise documental, perfazendo 12 instituiÃÃes de ensino superior privadas. Foram pontuados quatro lugares de fala: das coordenaÃÃes, das direÃÃes, do material publicitÃrio e dos projetos sociais formalizados. Uma caracterÃstica comum aos projetos e aÃÃes sociais privadas das propostas interventivas que foram pesquisadas, à que a necessidade objetiva de desenvolver os projetos sociais, nÃo pode ser entendida como uma escolha de participaÃÃo polÃtica, de transformaÃÃo das questÃes sociais que nos afligem, à uma atitude necessÃria, como prÃtica profissional, o mercado impÃe e o MEC regulamenta. Portanto, à uma determinaÃÃo que exige um cumprimento das regras e as IES nÃo tÃm o menor constrangimento de assumir que, enquanto cumprem determinaÃÃes legais ou prÃticas laborais, desenvolvem projetos sociais e nÃo ao contrÃrio. Nessa relaÃÃo entre os atores que se constituem como interventores e beneficiados, se desenvolve uma solidariedade verticalizada e contrassensual (ZALUAR, 2001), em que os discursos de libertaÃÃo sÃo ao mesmo tempo de discriminaÃÃo (MARTINS, 2008). A estigmatizaÃÃo, no sentido de Goffman (1982), dà o tom das escolhas e da percepÃÃo do outro nessas propostas de ajustamento social por meio de aÃÃes solidÃrias, apesar das boas prÃticas e do comprometimento dos sujeitos envolvidos nos projetos. Nesse sentido, os projetos e aÃÃes sociais se caracterizam por sua âfunÃÃo de redentoresâ quando as IES tomam para si o papel de salvar o mundo, mas nÃo reconhecem as singularidades e potencialidades das comunidades em que atuam, desse modo, colocam os indivÃduos numa condiÃÃo de nÃo aceitaÃÃo social plena, de inabilitado ou de carente.
The Ministry of Education - MEC included, in 2005, the social responsibility (SR) of higher education institutions - HEI, as an appraisal item. It is a synonymic concept, which is defined by this expression and several other related terms. In objective terms, the discourse about social responsibility projects of HEIs were analyzed, in relation to forms of appropriation and interpretation of the MEC determinations for this purpose. According to the MEC (2011) the social responsibility projects should discuss / act on: promoting social equity, preservation of the environment and a range of other issues. The survey was conducted from semi-structured interviews, direct observation and document analysis, comprising 12 private higher education institutions. Four places speech were scored: coordinations, the directions, advertising material and social projects formalized. A common feature of social projects and actions of private interventional proposals that were surveyed is that the objective necessity to develop social projects can not be understood as a choice of political participation, transformation of the social issues that plague us; it is an attitude required, as a profession, the market requires and regulates MEC. Therefore, it is a determination that requires compliance with the rules and HEIs do not have the slightest embarrassment to assume that while they comply with legal requirements or labor practices, they develop social projects and not otherwise. In this relationship between the actors formed as intervenors and benefited develops a vertical and contrasensual solidarity (ZALUAR, 2001), in which the discourses of liberation happen concomitantly with discrimination (Martins, 2008). Stigmatization, to Goffman (1982), sets the tone of the choices and the perception of the other proposals in these social adjustment through solidarity actions, despite the good practices and the commitment of those involved in the projects. In this matter, social projects and actions are characterized by their "redemptive function" when HEIs take upon themselves the role of saving the world, but do not recognize the uniqueness and potential of the communities in which they operate, thereby, placing individuals in the condition that the society does not accept them fully, the disqualified or needy conditions.

L'apprentissage automatique (en anglais machine learning) ou apprentissage statistique, a prouvé être un ensemble de techniques très puissantes. La classification automatique en particulier, permettant d'identifier efficacement des informations contenues dans des gros ensembles de données. Cependant, cela lève le souci de la confidentialité des données. C'est pour cela que le besoin de créer des algorithmes d'apprentissage automatique capable de garantir la confidentialité a été mis en avant. Cette thèse propose une façon de combiner certains systèmes cryptographiques avec des algorithmes de classification afin d'obtenir un classifieur que veille à la confidentialité. Les systèmes cryptographiques en question sont la famille des chiffrements fonctionnels. Il s'agit d'une généralisation de la cryptographie à clef publique traditionnelle dans laquelle les clefs de déchiffrement sont associées à des fonctions. Nous avons mené des expérimentations sur cette construction avec un scénario réaliste se servant de la base de données du MNIST composée d'images de digits écrits à la main. Notre système est capable dans ce cas d'utilisation de savoir quel digit est écrit sur une image en ayant seulement un chiffre de l'image. Nous avons aussi étudié la sécurité de cette construction dans un contexte réaliste. Ceci a révélé des risques quant à l'utilisation des chiffrements fonctionnels en général et pas seulement dans notre cas d'utilisation. Nous avons ensuite proposé une méthode pour négocier (dans notre construction) entre les performances de classification et les risques encourus
Machine Learning (ML) algorithms have proven themselves very powerful. Especially classification, enabling to efficiently identify information in large datasets. However, it raises concerns about the privacy of this data. Therefore, it brought to the forefront the challenge of designing machine learning algorithms able to preserve confidentiality.This thesis proposes a way to combine some cryptographic systems with classification algorithms to achieve privacy preserving classifier. The cryptographic system family in question is the functional encryption one. It is a generalization of the traditional public key encryption in which decryption keys are associated with a function. We did some experimentations on that combination on realistic scenario using the MNIST dataset of handwritten digit images. Our system is able in this use case to know which digit is written in an encrypted digit image. We also study its security in this real life scenario. It raises concerns about uses of functional encryption schemes in general and not just in our use case. We then introduce a way to balance in our construction efficiency of the classification and the risks

Business concepts and business development are not routinely a part of nursing education at the undergraduate or at the graduate level. Business plans are vital if a business is to have a chance to succeed. Many talents of the advanced nurse practitioner are transferable to the development of a business plan. Assessing, identifying problems (diagnosing), developing interventions, implementing solutions, and evaluating activities are equally important to the business plan and to the clinical practice of the nurse practitioner. This project addresses the problem of how nurse practitioners can use their talent to develop a business plan that is sound and can be implemented. The completed project identifies the components of a business plan in business terms and in health care terms. It includes discussions of the relevant components of a business plan that include: an executive summary, the vision and mission statement, a business strategy and strength, weakness, opportunities, and threat analysis (SWOT), an industry analysis, market strategy and plan, operational plan, and a financial plan that includes a projected cash flow for the development of a privately owned, entrepreneurial, family nurse practitioner practice. Included in this project is a specific business model for a practice in rural Northeast Iowa. The entrepreneur nurse practitioner will be able to use this business plan as a model to personalize a business plan, to seek funding, or to actually implement a private nursing practice. Throughout the completion of this project, it was realized that no one plan can solve every problem that may arise. A good plan can determine if a business practice is feasible, provide warning signs for when it is time to reexamine the idea of establishing a private practice and guide contingency plans for unpredicted events in the life of a business.

Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2017.
This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.
Cataloged from student-submitted PDF version of thesis.
Includes bibliographical references (pages 39-43).
Every day, millions of people rely on third party services like Google Maps to navigate from A to B. With existing technology, each query provides Google and their affiliates with a track record of where they've been and where they're going. In this thesis, I design, engineer, and implement a solution that offers absolute privacy when making routing queries, through the application of the Function Secret Sharing (FSS) cryptographic primitive. I worked on a library in Golang that applied an optimized FSS protocol, and exposed an API to generate and evaluate different kinds of queries. I then built a system with servers that handle queries to the database, and clients that generate queries. I used DIMACS maps data and the Transit Node Routing (TNR) algorithm to obtain graph data hosted by the servers. Finally, I evaluated the performance of my system for practicality, and compared it to existing private map routing systems.
by Catherine Yun.
M. Eng.

Privacy has always been an area broadcasters find problematic to deal with, as there are many grey areas existing when it comes to discussing privacy issues. Over the past 15 operating years since its establishment, the Broadcasting Standards Authority (BSA) has been playing a very significant role in laying down the parameters regarding broadcasting standards for broadcasters in New Zealand. This thesis sets out to examine the Authority's role in the area of privacy in broadcasting. The Authority's privacy complaint decisions between 1996 and 2003 were examined in pursuit of this objective. The evolution of the Authority's privacy principles was also explored in this study. As a result, it was found that the Authority has defined the parameters of privacy for broadcasters more explicitly and precisely than ever before.

Security and privacy practices of end-users on social media are an important area of research, as well as a top-of-mind concern for individuals as well as organizations. In recent years, we have seen a sharp increase in data breaches and cyber security threats that have targeted social media users. Hence, it is imperative that we try to better understand factors that affect an end-user’s adoption of effective security safeguards and privacy protection practices. In this research, we propose and validate a theoretical model that posits several determinants of end-user security and privacy practices on social media. We hypothesize relationships among various cognitive, affective and behavioral factors identified under the themes of posture, proficiency, and practices. These constructs and hypotheses are validated through empirical research comprising an online survey questionnaire, and structural equation modeling (SEM) analysis. The key findings of this study highlight the importance of cyber threat awareness and social media security and privacy self-efficacy, which have a direct impact on end-user security and privacy practices. Additionally, our research shows that use of general technology applications for security and privacy impacts the adoption of security and privacy practices on social media. In totality, our research findings indicate that proficiency is a better predictor or security and privacy practices as compared to the posture of an end-user. Factors such as privacy disposition, privacy concerns, and perceived risk of privacy violations do not have as significant or direct effect on security and privacy practices. Based on our research findings, we provide some key take-aways in the form of theoretical contributions, suggestions for future research, as well as recommendations for organizational security awareness training programs.

Thesis (M. Eng. in Logistics)--Massachusetts Institute of Technology, Engineering Systems Division, 2010.
Vitae. Cataloged from student submitted PDF version of thesis.
Includes bibliographical references (p. 85-89).
In times of disaster, demand for goods and services in affected areas spikes. Private companies generally have contingencies in place for business continuity; however, most lack a strategic approach to join the general population's relief efforts. Why are some companies more effective within disaster relief supply chains than others? How can a company approach this area of opportunity? This thesis explores what a disaster is and how disaster management works; recognizing what stakeholders participate during disaster recovery efforts; and extrapolating best practices applied during past disasters by companies that have been deemed successful. Based on the strategies identified during our research, we came up with a framework of nine best practices and suggest how to apply it across a range of ten industries.
by Karn Budhiraj and Gabriel de la Torre Castro.
M.Eng.in Logistics