Introduction
Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others (Westin, 1967). Data privacy is therefore a protection mechanism intended to mitigate personal harm whenever data can be brought into the context of an individual person. A central building block of privacy is the individual's right to decide which data about oneself may be collected and stored, and how that data is to be processed (OECD, 1980). Since 1983 this right, termed informational self-determination, has been a fundamental right in German law (decision of the German Federal Constitutional Court, BVerfGE 65, 1), and it is further a substantial part of the European Data Protection Directive 95/46/EC (European Commission, 1995), established throughout the European Union (EU) through corresponding national laws.
Although individual users have the right to take part in controlling their privacy-sensitive information, implementing that right is difficult and poses at least the following challenges. An ordinary user is typically not a security expert, and defining or selecting appropriate authorization preferences requires the user to translate her/his mental conception of privacy into enforceable security configurations. A further issue is the impact that user-defined authorization settings may have on the user's privacy, or on the resulting effectiveness of the health-care information system. Users, as the sole authors of access control statements, have to be made aware of the consequences their settings imply. Issues regarding the authoring of access control settings have been well discussed in the literature, e.g., through proposals for usable authoring tools such as the line of work by Karat, Karat, Brodie, and Feng (2006) and Reeder, Karat, Karat, and Brodie (2007); however, little attention has been paid to analyzing the impact of access control policies on a specific type of information system. In this work we discuss the interrelationship between two specific criteria that can be used to evaluate the access control settings enforced by a health-care information system. We further derive resolution strategies that are proposed to a citizen to support her/him in resolving inadequate security settings.