Automating Data Privacy Compliance through Filtering Algorithms
Keywords:
Collaborative Filtering, Content Filtering, Data Privacy Impact Assessment, Business Process Outsourcing, Data Privacy Officers
Abstract
Implementing controls to address identified privacy risks in Business Process Outsourcing (BPO) companies presents a significant challenge for Data Privacy Officers. A well-functioning control system directly contributes to the privacy risk rate associated with each identified issue. Failure to implement controls correctly can escalate the level of privacy risk.
The researcher has developed a unique system that is integrated into a Privacy Impact Assessment (PIA) tool. This system, powered by content and collaborative filtering algorithms, takes a collaborative approach to privacy risk management. Based on the risk category of each control and historical data, it recommends controls for reducing or eliminating the risk associated with each project within the organization. A collaborative approach empowers everyone to feel responsible for the outcome, encouraging all stakeholders to actively participate in addressing privacy risks.
This study adopts a combination of developmental and descriptive approaches. Developmental research focuses on systematically designing, developing, and evaluating the recommender system for the PIA tool, ensuring it meets the requirements. Descriptive research, meanwhile, investigates common privacy risks, implementation challenges, strategies employed, and respondents' satisfaction levels with the developed system.
The thoroughness of the research findings is a testament to the potential risks in BPO facilities. Many of these facilities allow unrestricted employee access to data storage areas, leading to potential breaches. Additionally, technical issues with data processing equipment often result in accidental exposure of personal and sensitive information even after disposing of records. These identified risks directly contravene the security protocols mandated by the National Privacy Commission (NPC), which require strict physical security measures for organizations handling personal data. The comprehensive nature of these findings instills confidence in the proposed solutions, reassuring the audience about the effectiveness of the proposed system.
This research introduces a crucial solution: a recommender system integrated within a Privacy Impact Assessment (PIA) tool. This system, powered by collaborative filtering and content filtering, is designed to effectively address the challenges posed by privacy risks in BPO companies. Its ability to analyze past assessments and suggest controls based on similar situations, as well as categorize the appropriate control type based on risk description, makes it a valuable tool for Data Privacy Officers (DPOs) and top management.
By utilizing collaborative and content-based algorithms, the system not only recommends privacy risk levels and corresponding controls for identified and newly identified risks but also includes the audience in the process. This assists Data Privacy Officers (DPOs) in reducing risk levels by lessening or eliminating the potential harm from privacy breaches and making informed decisions. The system provides recommendations for top management to ensure compliance, fostering a sense of inclusion and shared responsibility in addressing privacy risks.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
IJISAE open access articles are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. Under this license, the audience must give appropriate credit, provide a link to the license, and indicate if changes were made; if they remix, transform, or build upon the material, they must distribute contributions under the same license as the original.