Abstract
The protection of people’s privacy is both a legal requirement and a key factor for doing business in many jurisdictions. Organisations thus have a legal obligation to get their privacy compliance in order as a matter of business importance. This applies not only to organisations’ day-to-day business operations, but also to the information technology systems they use, develop or deploy. However, privacy compliance, like any other legal compliance requirement, is often seen as an extra burden that is both unnecessary and costly. Such a view of compliance can result in negative consequences and lost opportunities for organisations. This paper seeks to position data privacy compliance as a value proposition for organisations by focusing on the benefits that can be derived from data privacy compliance as it applies to a particular subset of information technology systems, namely cyber-physical systems (CPSs) and Internet of Things (IoT) technologies. A baseline list of data privacy compliance benefits, contextualised for CPSs and IoT with the South African legal landscape, is proposed.
© 2020 Springer Nature Switzerland AG
Cite this paper
Baloyi, N., Kotzé, P. (2020). Data Privacy Compliance Benefits for Organisations – A Cyber-Physical Systems and Internet of Things Study. In: Venter, H., Loock, M., Coetzee, M., Eloff, M., Eloff, J. (eds) Information and Cyber Security. ISSA 2019. Communications in Computer and Information Science, vol 1166. Springer, Cham. https://doi.org/10.1007/978-3-030-43276-8_12
DOI: https://doi.org/10.1007/978-3-030-43276-8_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-43275-1
Online ISBN: 978-3-030-43276-8
eBook Packages: Computer Science, Computer Science (R0)