Zhou Tian-shu,Li Peng-fei,Li Jing-song

DOI: https://doi.org/10.2991/ccis-13.2013.56

2013-01-01

Abstract:Since the health information exchange (HIE) becomes more and more important and numerous systems have been implemented among medical institutions and regions, there also grows the concern of data security and privacy protection. In the prior work, we have designed and developed an international clinical data exchange system named Global Dolphin, technically achieving the goal of health information exchange between China and Japan. However, to put the system into practical use, we have to take the different privacy protection rules into account. In the clinical data exchange implementation, we tried to conform to the stricter privacy protection standards and designed a protected health information (PHI) de-identification system to keep the personal information secure from third parties. Since China and Japan do not yet have detailed rules and guidelines such as the safe harbor method in Health Insurance Portability and Accountability Act (HIPAA), thus we have referenced some of the HIPAA rules and guidelines about PHI, and used a dictionary and regular expressions pattern matching de-identification means to protect personal privacy.

Amen Faridoon,M. Tahar Kechadi

DOI: https://doi.org/10.48550/arXiv.2307.06779

2023-07-13

Abstract:In today's highly connected society, we are constantly asked to provide personal information to retailers, voter surveys, medical professionals, and other data collection efforts. The collected data is stored in large data warehouses. Organisations and statistical agencies share and use this data to facilitate research in public health, economics, sociology, etc. However, this data contains sensitive information about individuals, which can result in identity theft, financial loss, stress and depression, embarrassment, abuse, etc. Therefore, one must ensure rigorous management of individuals' privacy. We propose, an advanced data privacy management architecture composed of three layers. The data management layer consists of de-identification and anonymisation, the access management layer for re-enforcing data access based on the concepts of Role-Based Access Control and the Chinese Wall Security Policy, and the roles layer for regulating different users. The proposed system architecture is validated on healthcare datasets.

Cryptography and Security

Sun Guangzhong,Wei Shen,Xie Xing

2013-01-01

Abstract:In this paper,we illustrate the importance of privacy protection with an Internet case. Then we introduce some frequently-used anonymized methods in privacy protection,and present practical ways to de-anonymize data in some popular fields: rating recommendation system,social network and blogs. We believe the publication of data is beneficial to academic research,but we still need to work hard on privacy protection.

Zeyu Zhang,Zhiyang Lu,Youliang Tian

DOI: https://doi.org/10.1109/nana.2019.00046

2019-01-01

Abstract:De-identification enables to protect privacy of data from different attacks. At present, the specific de-identification standards and privacy quantification methods are given in many models, such as K-anonymity model and differential privacy model. But, the K-anonymity model does not provide an effective method to prove its degree of privacy protection, and when the model parameters change, the degree of privacy protection cannot be quantified. And due to rigorous calculation method of the differential privacy model, which quantifies the degree of privacy protection based on a mathematical basis, it is difficult to be used widely in organizations and institutions. So, this paper proposes a de-identification model, which includes quantification solution of identifying the sensitivity of the personal information, de-identification approach for adaptively matching different standard de-identification methods to personal information with different sensitivities and de-identification effect detection function. The objective is to provide an automatic, efficient and widely used de-identification model, which is built by quantitatively analyzing degree of privacy protection based on conditional entropy. Finally, performance analysis results show that the model makes the trade-off between privacy and secure of data and the widespread use of data.

Jingyi Cao,Xiangyi Chen,Bo Liu,Ming Ding,Rong Xie,Li Song,Zhu Li,Wenjun Zhang

2024-11-15

Abstract:The widespread use of image acquisition technologies, along with advances in facial recognition, has raised serious privacy concerns. Face de-identification usually refers to the process of concealing or replacing personal identifiers, which is regarded as an effective means to protect the privacy of facial images. A significant number of methods for face de-identification have been proposed in recent years. In this survey, we provide a comprehensive review of state-of-the-art face de-identification methods, categorized into three levels: pixel-level, representation-level, and semantic-level techniques. We systematically evaluate these methods based on two key criteria, the effectiveness of privacy protection and preservation of image utility, highlighting their advantages and limitations. Our analysis includes qualitative and quantitative comparisons of the main algorithms, demonstrating that deep learning-based approaches, particularly those using Generative Adversarial Networks (GANs) and diffusion models, have achieved significant advancements in balancing privacy and utility. Experimental results reveal that while recent methods demonstrate strong privacy protection, trade-offs remain in visual fidelity and computational complexity. This survey not only summarizes the current landscape but also identifies key challenges and future research directions in face de-identification.

Computer Vision and Pattern Recognition,Cryptography and Security

Jing Su,Jiale Gai,Yaqing Si,Xinyu Zheng,Guangkai Li,Zhixue Liu

DOI: https://doi.org/10.1088/1742-6596/1616/1/012034

2020-01-01

Journal of Physics Conference Series

Abstract:Abstract Big data brings tremendous commercial value, but at the same time, it also leads to personal information leakage and other problem. This paper analyses the laws and regulations of the personal information and anonymization at home and abroad, and discusses the legal identification criterion of personal information, personal data and data anonymization systematically. And combining with the practice, this paper provides general methods for anonymizing data with personal privacy when they are used or traded by companies.

Moon-Ho Joo,Sang-Pil Yoon,Hun-Yeong Kwon,Jong-In Lim

DOI: https://doi.org/10.3233/ip-170057

2018-06-29

Information Polity

Abstract:In the age of big data, many countries are implementing and establishing de-identification policies quite actively. There are many efforts to institutionalize de-identification of personal information to protect privacy and utilize the use of personal information. But even with such efforts, de-identification policy always has a potential risk that de-identified information can be re-identified by being combined with other information. Therefore, it is necessary to consider the management mechanism that manages these risks as well as a mechanism for distributing the responsibilities and liabilities in the event of incidents involving the invasion of privacy. So far, most countries implementing the de-identification policies are focusing on defining what de-identification is and the exemption requirements to allow free use of de-identified personal information. On the other hand, there is a lack of discussion and consideration on how to distribute the responsibility of the risks and liabilities involved in the process of de-identification of personal information. The purpose of this study is to compare the de-identification policies of the European Union, the United States, Japan, and Korea, all of which are now actively pursuing de-identification policies. Additionally, this study proposes to take a look at the various de-identification policies worldwide and contemplate on these policies in the perspective of risk society and risk-liability theory. The constituencies of the de-identification policies are identified in order to analyze the roles and responsibilities of each of these constituencies thereby providing the theoretical basis on which to initiate the discussions on the distribution of burden and responsibilities arising from the de-identification policies.

YANG Haifang,ZHANG Lingling,WANG Mingzheng,HU Xiangpei

DOI: https://doi.org/10.13587/j.cnki.jieem.2023.05.012

2023-01-01

Abstract:In the era of big data,personal data has become one of the important resources in every field of scientific research,business analysis,medical services,social computing and so on.The sharing and application of personal data can produce great economic or social value.However,the improper use of personal data is easy to disclose personal privacy information.How to solve the contradiction between data application and personal privacy has become one of the current research hotspots.When personal data is shared and used,it is necessary to delete the explicit identifier attributes like name of the individuals in advance,but the attacker can still reveal the identity privacy or some sensitive information of individuals,through one or more non-sensitive values of the quasiidentifier attributes（QI）,such as gender,age,and region,or some values of the sensitive attributes（SA）,such as salary and disease,in this data set.Most current data privacy studies often assume that the data set has simply one-to-one relationship between individuals and records,which is called single-record data.In order to protect personal privacy in single-record data,scholars have come up with a variety of typical privacy anonymous models,such as k-anonymity,l-diversity,（α,k）-anonymity,t-closeness andβ-likelihood,etc.But in practice,there are a large number of data sets in which one individual may correspond to multiple records,short for multi-record data.If these above privacy models are directly applied on the multi-record data,it may cause some new privacy risks.To protect the privacy of Individuals in multi-record data,several scholars have proposed Identity-reversed（IR） privacy models like IR k-anonymity,IR l-diversity and IR（α,β）-anonymity,as well as enhanced privacy models such as EIR（α,β）-diversity and EIR l-diversity,when considering that the background knowledge related to only QI information is known to the attacker;and a few numbers of scholars have developed（k,k m ）-anonymity and（k,l）-diversity models,supposing that the attacker may know the background knowledge of either QI information or SA information.However,all of these models cannot provide adequate protection for the privacy of individuals in multi-record data.This research analyzes the privacy disclosure problem in the situation of multi-record data when an attacker has more stronger background knowledge,and proposes a new privacy-preserving model as well as the corresponding algorithm to satisfy the stricter privacy needs in applications of multi-record data.In the first part,it discusses all kinds of the privacy risks in the situations that an attacker knows the background knowledge related to either one of and both of the QI and SA information and indicates the defects of the current privacy models.Also,it presents a new privacy disclosure problem named unclosed itemset fingerprint attack（UCIFA）,which is based on the attacking by using strong background knowledge.In the second part,to overcome the UCIFA problem,it requires each person’ s whole sensitive values expressed as the form of an itemset should be closed.If an individual’s SA itemset cannot satisfy the closure constraint by partitioning the records of individuals into several groups,then this itemset should be further processed by the mean of cracking.Based on these,a new privacy model named closure and enhanced identity-reserved l-diversity（CEIR l-diversity） is present,which requires that the QI values and the SA values of each individual should satisfy EIR l-diversity and the closure constraint respectively.In the third part,it develops an algorithm called data anonymization based on closure and enhanced l-diversity（DACEL） to make the multi-record data satisfy CEIR l-diversity.It consists of three core steps:firstly,dividing the records in a multi-record dataset into several QI-groups,so that the records of individuals in each group have similar QI-values and satisfy the constraint of EIR l-diversity;secondly,in each QI-group,cracking the sensitive itemset of each individual that contains non-closed subsets into several small itemsets,each of which must satisfy the closure constraint;finally,in each QI-group,generalizing the QI-values of all records to make the anonymized data table satisfy CEIR l-diversity.In the fourth part,the proposed privacy model and its corresponding algorithm,referring as CEL-method,is compared with two kinds of leading-edge methods on two public multi-record data sets.The results show that the CEL-method has robust performance on efficiently achieving the highest level of privacy protection for multi-record data at the cost of small information loss.In summary,in the practice of personal data application,attackers may have different levels of background knowledge to disclose personal privacy information.The privacy-preserving method proposed in this research is of universal significance for the application of multi-record data privacy protection in practice.

Xianghua Deng,Meiyuan Yan

DOI: https://doi.org/10.1088/1742-6596/1883/1/012081

2021-04-01

Journal of Physics: Conference Series

Abstract:Abstract With the scale and convenience of information storage and transmission, human society has entered the era of big data. In this era, information has become the most valuable and potentially influential resource, and personal information that is closely related to citizens’ daily lives is no exception, and is used by all stakeholders. Improper collection of personal information, fraudulent use of personal information, and malicious use of personal information have disrupted the peaceful life of citizens, thereby threatening personal and property safety issues are gradually exposed. In the era of big data, personal information protection is facing new challenges of data personality shaping and modern power control. Strengthening the protection of personal information is an urgent need in the era of big data.

Yijun Xue,Zhide Zhou

DOI: https://doi.org/10.1051/e3sconf/202123503033

2021-01-01

E3S Web of Conferences

Abstract:The core of an Internet enterprise is the data of the network platform, which usually includes a large amount of personal data and personal information. Big data refers to the massive, high growth rate and diversified information assets that require new processing models to have stronger decision-making power, insight, and process optimization capabilities. It is characterized by a large number, high speed, variety, value density, and authenticity. There are ways and legal risks of leaking personal information everywhere on the network information platform. To effectively prevent and completely eliminate the leakage of personal privacy, the government should be taken as the leading factor and rely on all levels of society to deal with this issue from multiple angles.

Cheng Chi,Tengyu Liu,Xiaochen Yu,Shuo Zhang,Shuo Shi

DOI: https://doi.org/10.1007/978-3-030-22971-9_9

2019-01-01

Abstract:The advent of the era of big data has made people’s lives more intelligent and convenient, and has brought enormous value to human beings. At the same time, it has brought about a lot of challenges. Personal information security is one of them. In the big data era, massive amounts of personal information are continuously input, simultaneously, the means of illegally acquiring, disseminating, and applying personal information are emerging in endlessly, Raising human thinking about information security. Therefore, the personal information security problem caused by big data should not be underestimated. Firstly, it introduces the related concepts of personal information, discusses the sources of risks faced by personal information in the process of implantation, dissemination and application. Secondly, it discusses the existing problems and solutions in China. Finally, the application difficulties and coping strategies of information security technology are analyzed, which provides theoretical support for personal information security in the era of big data.

Moon-Ho Joo,Hun-Yeong Kwon

DOI: https://doi.org/10.1016/j.giq.2023.101805

IF: 8.49

2023-04-01

Government Information Quarterly

Abstract:In the era of big data, data creates new added value by collecting, analyzing, and transforming the thoughts and actions of economic members and creating insights that can predict the future. This means that in the near future, data-driven decisions based on data, rather than subjectivity or experience, will be the driving force behind society.However, since valuable and useful data is bound to be generated from personal information, how to safely utilize personal information is becoming an important topic in the big data era. To protect personal information in this environment, data services and database providers have increased their focus on the implementation of de-identification, a technique that can protect personal information while maintaining the usefulness of the data. Moreover, many countries have introduced new policies and laws focusing on the de-identification of personal information.Accordingly, this paper compares and analyzes how the European Union, the United States, Japan, and South Korea have recently adopted the concept of de-identification in their own personal information protection laws, and presents common trends and implications. As a comparative framework, each country's conceptual classification system related to de-identification, legal treatment, data controller obligations, and de-identification procedures was included.This study identifies the shifts made in each country's regulatory system following the introduction of the concept of de-identification. These include a shift from a binary approach to an approach that considers the identifiability spectrum, from a belief in anonymization to regulation from a risk management perspective, and from a focus on de-identification methods, to responsibility for follow-up management.This study contributes to the establishment of specialized knowledge of de-identification practices by empirically examining the current status of de-identification information-related legal systems adopted by major countries/regions. Also, the study proved the actualization of theory by confirming that the de-identification policy approach from the perspective of risk management is actually applied to the laws of each country. In addition, the attempt to present a framework for systematic comparison of de-identification systems by country provides a new perspective that can trace the trend of future de-identification system changes on a consistent basis. In addition, this study brings the gradual expansion of data policy research by expanding the research on de-identified information, which has been studied mainly in Europe and the United States, to case studies in Japan and South Korea.

information science & library science

Jingyi Cao,Bo Liu,Yunqian Wen,Rong Xie,Li Song

DOI: https://doi.org/10.1109/iccv48922.2021.00332

2021-01-01

Abstract:The popularization of intelligent devices including smartphones and surveillance cameras results in more serious privacy issues. De-identification is regarded as an effective tool for visual privacy protection with the process of concealing or replacing identity information. Most of the existing de-identification methods suffer from some limitations since they mainly focus on the protection process and are usually non-reversible. In this paper, we propose a personalized and invertible de-identification method based on the deep generative model, where the main idea is introducing a user-specific password and an adjustable parameter to control the direction and degree of identity variation. Extensive experiments demonstrate the effectiveness and generalization of our proposed framework for both face de-identification and recovery.

Jiana Bi,Yonghong Guo,Ning He,Shuang Wang

DOI: https://doi.org/10.25236/ijndes.2023.070210

Abstract:: While big data brings convenience to people, it also exposes various problems. Personal information is always exposed to risks. Protecting personal information from infringement in the big data era has become an urgent problem to be solved. This paper studies from three aspects. First, it analyzes the importance of personal information security protection in the big dataera: maintaining normal social production and life order, protecting personal physical and mental health and property safety, and reducing the occurrence of cyber crimes. Second, it summarizes the problems existing in personal information security protection in the big data era: serious disclosure of personal privacy information, malicious attacks on personal privacy by cyber hackers, low awareness of personal information security protection, and imperfect laws and regulations on personal information security protection. Third, the main measures of personal information security protection in the big data eraare put forward: improving the laws and regulations of personal information protection, raising the awareness of personal information security protection, building a data-centric security governance system, and strengthening the prevention and governance of cyber hacking attacks.

Computer Science,Law

Le Yang,Miao Tian,Duan Xin,Qishuo Cheng,Jiajian Zheng

2024-02-27

Abstract:The development of artificial intelligence has significantly transformed people's lives. However, it has also posed a significant threat to privacy and security, with numerous instances of personal information being exposed online and reports of criminal attacks and theft. Consequently, the need to achieve intelligent protection of personal information through machine learning algorithms has become a paramount concern. Artificial intelligence leverages advanced algorithms and technologies to effectively encrypt and anonymize personal data, enabling valuable data analysis and utilization while safeguarding privacy. This paper focuses on personal data privacy protection and the promotion of anonymity as its core research objectives. It achieves personal data privacy protection and detection through the use of machine learning's differential privacy protection algorithm. The paper also addresses existing challenges in machine learning related to privacy and personal data protection, offers improvement suggestions, and analyzes factors impacting datasets to enable timely personal data privacy detection and protection.

Cryptography and Security,Artificial Intelligence,Machine Learning

Xianghua Deng,Bo Zhang

DOI: https://doi.org/10.1088/1757-899x/806/1/012032

2020-04-01

IOP Conference Series: Materials Science and Engineering

Abstract:Abstract In the era of big data, the problem of leakage of personal information is becoming more and more serious. With the citizens’ increasing legal awareness, people pay more and more attention to the protection of personal information. In the context of big data, this article is based on the impact of big data on the protection of personal information. By studying the current status of the domestic and international legal protection of personal information, this paper puts forward some proposals for the protection of information, combined with the current status and existing problems of the legal protection of personal information,

Xingshu CHEN,Lu YANG,Yonggang LUO

DOI: https://doi.org/10.15961/j.jsuese.201700726

2017-01-01

Abstract:The development and application of big data technology has a deep influence on the national governance model,corporate decision-making architecture,business strategy and personal lifestyle.The data aggretation not only increases the risk of user privacy leaks,but the huge information and potential value contained in big data also attract more potential attackers.Moreover,the big data application is a cross-disciplinary application,which introduces not only a lot of new technologies but more and higher risks.The definition and characteristics of big data is reviewed,and the big data architecture and big data security system are put forward in this paper.Based on this system,the security challenges facing the current big data and research progress of big data security technologies are analyzed from four perspectives:laws and regulations,standards,data life cycle protection and big data platform key technology.Laws and regulations in America,European Union,China and the research status of big data security standarlization of International Organization for Standardization,America,China and so on was introduced.Big data platform is needed to realize the collection,transmission,storage and analysis and so on in big data lifecycle.In this paper,the security problems and key technologies of big data are analyzed from two dimensions of big data lifecycle and big data platform.The lifeeycle includes collection,storage,usage,distribution and deletion five phases.Data value is determined by the data quality of the collection phase.Data and model inconsistency detection and data cleaning are the main technical means to improve data quality.The processed big data is transmit to external entities in big data distribution phase,so the protection of privacy and sensitive information is essential.The retalted key technologies are data anonymity,privacy-protecting data retrieval and analysis.The big data management support the effective use of big data and ensure big data security,which mainly contains metadata management and data lineage.The problems of authentication,data isolation,data encryption storage,big data platform border protection and audit between big data components can be solved by the big data platform security with the key technologies such as authentication,access control,data encryption and audit.At present,a perfect big data security standard system is still lacking in the world.The norms and guidance for privacy protection,data sharing,cross-border data transmission from standards are urgent needed.With the rapid development of big data analysis technology,it's difficult to predict the challenge of privacy protection and sensitive information protection from big data association analysis in the future.The existing data masking and privacy protection technology will face a great challenge.The data analysis without exposure to data privacy and sensitive information can be achieved by data homomorphic encryption,but the existing homomorphic encryption algorithm is far from mature.The current authentication,data encryption and access control in the big data platform use the traditional technology,which can't adapt to the new environment with large scale of data,complex processing logic and huge amount of users.Some of the big data security key technologies are also worthy of indepth study in the performance and availability for early practical application.In addition,using big data pro-cessing technology to develop security applications such as network security situation perception,intrusion detection and network threat intelligence analysis,and using big data technology to resist attacks against big data have become a new research trend in the field of big data security.The development of big data security requires the united support and promotion of laws and regulations,standards and key technologies.

Chuyun Wang,Feifei Guo,Mengxuan Ji

DOI: https://doi.org/10.1155/2022/1678360

2022-08-30

Journal of Environmental and Public Health

Abstract:In the era of big data, while every citizen enjoys the convenience of the Internet, all kinds of information closely related to their personal and property are in a state of "streaking" for a long time. Personal information is frequently leaked, illegally misappropriated, and used. There are necessary requirements of network security. The risks and challenges faced by personal information in the context of big data increase. In the context of the rapid development of big data, the information is circulated in virtual cyberspace in the form of electronic data, and data sharing has become an important flow form of information circulation. It is an important link to realize the optimal allocation of network resources and realize the value of data. The great progress of the digital economy and artificial intelligence technology has greatly increased the demand for data, the speed of circulation has been further accelerated, and the potential value of data has been fully reflected. At present, the scope of personal information protected by Chinese laws is relatively narrow and is basically limited to the scope of privacy rights, which makes a large amount of information owned by individuals that do not belong to the category of personal privacy rights lack legal protection. Personal information is different from the characteristics of privacy rights. It is decided that the protection of personal information should be different from the protection of traditional personal privacy. To sum up, in view of this, this article attempts to analyze the new challenges faced by personal information protection in the era of big data from the perspective of law, combined with the background of the era of big data, from the legislative model, system design, supervision mechanism, industry self-discipline, and other aspects. Exploration of the legislative framework for the protection of personal information in the era of big data in our country is done in order to find a realistic path that balances the development of big data technology and the protection of personal information.

Yong-bing ZHANG

DOI: https://doi.org/10.14018/j.cnki.cn13-1085/n.2016.35.079

2016-01-01

Abstract:In recent years, the era of big data based on cloud computing platform officially arrived, and big data contains a huge commercial value and makes the criminals try to steal personal privacy data, thus affecting the normal life of the user. By analyzing the challenges faced by the privacy security in the era of big data, summarize the technical measures adopted in the protection of personal privacy, put forward the laws and industry standards the individual or enterprise should abide by, and finally explore the direction of further research on the protection of personal privacy.

Zhu Gao

DOI: https://doi.org/10.1088/1742-6596/1574/1/012107

2020-06-01

Journal of Physics: Conference Series

Abstract:Abstract The era of big data brings us not only an opportunity given by the development of the era, but also a challenge. To improve Chinese citizens’ quality of big data application is also an inevitable internal requirement for the social and economic development of various countries and regions in the era of big data economy. In the era of big data development, the security leakage of personal information has become more and more serious, which has aroused people’s high attention and increasing concern. The purpose of this paper is to provide countermeasures and Suggestions for the reasonable protection of personal information by deeply analyzing the practical dilemma and solutions of the reasonable protection of personal information in the era of big data. In this paper, first of all, this paper expounds the dialectical nature of the current era of big data network information search on the personal information security in our country the major risks and opportunities for development, and the in-depth analysis of the current our country network information search security risk main origin, on the basis of focus from legal ideological cultivation, inspection du regulatory legislation, application technology and so on three aspects put forward to speed up the building of the personal information security management system in our country strategic thinking. And then comb through studying related literature review of network information security evaluation index system, using the evaluation index system of comprehensive level calculation analysis method for network actual weight of each evaluation index in the relationship between level computation, the result shows that composite reliability were greater than 0.7, which eventually concluded that a more reasonable and practical index system of network weight calculation.

English Else