Data Privacy Compliance Benefits for Organisations – A Cyber-Physical Systems and Internet of Things Study

  • Conference paper
Information and Cyber Security (ISSA 2019)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1166))

Abstract

The protection of people’s privacy is both a legal requirement and a key factor for doing business in many jurisdictions. Organisations thus have a legal obligation to get their privacy compliance in order as a matter of business importance. This applies not only to organisations’ day-to-day business operations, but also to the information technology systems they use, develop or deploy. However, privacy compliance, like any other legal compliance requirement, is often seen as an extra burden that is both unnecessary and costly. Such a view of compliance can result in negative consequences and lost opportunities for organisations. This paper seeks to position data privacy compliance as a value proposition for organisations by focusing on the benefits that can be derived from data privacy compliance as it applies to a particular subset of information technology systems, namely cyber-physical systems (CPSs) and Internet of Things (IoT) technologies. A baseline list of data privacy compliance benefits, contextualised for CPSs and IoT within the South African legal landscape, is proposed.

Author information

Correspondence to Ntsako Baloyi or Paula Kotzé .

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Baloyi, N., Kotzé, P. (2020). Data Privacy Compliance Benefits for Organisations – A Cyber-Physical Systems and Internet of Things Study. In: Venter, H., Loock, M., Coetzee, M., Eloff, M., Eloff, J. (eds) Information and Cyber Security. ISSA 2019. Communications in Computer and Information Science, vol 1166. Springer, Cham. https://doi.org/10.1007/978-3-030-43276-8_12

  • DOI: https://doi.org/10.1007/978-3-030-43276-8_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-43275-1

  • Online ISBN: 978-3-030-43276-8

  • eBook Packages: Computer Science, Computer Science (R0)
