- Title
- A framework for data privacy and security accountability in data breach communications
- Creator
- Thomas, Louise; Gondal, Iqbal; Oseni, Taiwo; Firmin, Sally
- Date
- 2022
- Type
- Text; Journal article
- Identifier
- http://researchonline.federation.edu.au/vital/access/HandleResolver/1959.17/189549
- Identifier
- vital:17465
- Identifier
- https://doi.org/10.1016/j.cose.2022.102657
- Identifier
- ISSN:0167-4048 (ISSN)
- Abstract
- Organisations need to take steps to protect the privacy and security of the personal information they hold. However, when data is breached, how do individuals know whether the organisation took reasonable steps to protect their data? When breached organisations notify affected individuals, this communication is likely to be one of the few windows into the incident from the outside and can become an important artefact for research. This desktop study aimed to consider the extent to which publicly available Australian data breach communications reflect data privacy and security best practices. This paper presents a brief review of literature and government guidance on data security and privacy best practices, along with the results of a qualitative content analysis of 33 publicly available Australian data breach communications. This analysis illustrated that there was little reflection of data privacy and security practices. Literature, government guidance and the content analysis were used to inform and develop a new voluntary framework for organisations. This consists of a series of evaluation questions divided into two broad categories: responsible data management and responsible portrayal of the breach. The framework has the potential to help organisations plan the inclusion of data privacy and security management aspects in their data breach communications. This could assist organisations to address their legal and ethical responsibility to account for their actions in managing privacy and security of the personal data they hold. © 2022
- Publisher
- Elsevier Ltd
- Relation
- Computers and Security Vol. 116, no. (2022), p.
- Rights
- All metadata describing materials held in, or linked to, the repository is freely available under a CC0 licence
- Rights
- Copyright © 2022 Elsevier Ltd.
- Subject
- 4604 Cybersecurity and privacy; Cyber security incident; Data breach; Data breach notification; Data management; Privacy; Security
- Reviewed
- Funder
- This work is supported by an Australian Government Research Training Program (RTP) Stipend and RTP Fee-Offset Scholarship through Federation University Australia, and a Defence Science Institute scholarship.