Certainty is Absurd: Meeting Information Security Requirements in Laws on Population Genetic Databases
Identifieur interne : 000423 ( Main/Exploration ); précédent : 000422; suivant : 000424Certainty is Absurd: Meeting Information Security Requirements in Laws on Population Genetic Databases
Auteurs : Helgaso Hör Ur Helgi ; Susan M C. Gibbons [Royaume-Uni]Source :
- Medical Law International [ 0968-5332 ] ; 2008.
English descriptors
- Teeft :
- Admiral management services, Althingi, Assurance components, Assurance level, Common criteria, Confidentiality, Constitutional statute, Data protection, Data protection authority, Data protection commission, Data protection directive, Data security, Data subjects, Database, Encryption, English translation, Evaluation assurance levels, Future popgd projects, Genealogical data, General notes, Genetic data, Genetic databases, Genetics, Genotype database, Governmental bodies, Health data, Health databases, Health information, Health sector database, Health sector database alpingistfoindi, Healthcare, Healthcare providers, Iceland, Icelandic, Icelandic data protection authority, Icelandic experiment, Icelandic health database, Icelandic health sector database, Icelandic popgd, Icelandic scientist, Icelandic state, Icelandic supreme court, Identifier, Inference measures, Information security, Information security requirements, Information technology, Legal definitions, Legal requirements, Licence, Licence holder, Many years, Medical data, Medical records, Medical records data, Microsoft windows, Original bill, Para, Parliamentary debates, Parliamentary document, Parliamentary record, Parliamentary session, Personal data, Personal identification, Personal identifiers, Policy decisions, Popgd, Popgds, Public health, Public trust, Ragnhildur guomundsd6ttir, Regulatory issues, Requirements document, Security evaluation, Security part, Security requirements, Security target, Such data, Such endeavours, Supreme court, Technical information security standards, Technical standards.
Abstract
This paper describes the problem of determining whether plans for a population genetic database in Iceland met statutory information security requirements. It discusses the approach taken by the relevant governmental authority, which involved employing technical standards to solve the problem. By examining the background to the project, and the main challenges it faced, the paper aims to draw out insights and lessons to inform the way in which future projects are designed and governed. It reflects critically on the results of trying to meet legal requirements for information security by using technical information security standards. Particular attention is given to the founding legislation of the project, and the court case that eventually found that legislation to be unconstitutional.
Url:
DOI: 10.1177/096853320800900204
Affiliations:
Links toward previous steps (curation, corpus...)
- to stream Istex, to step Corpus: 002196
- to stream Istex, to step Curation: 001A76
- to stream Istex, to step Checkpoint: 000380
- to stream Main, to step Merge: 000425
- to stream Main, to step Curation: 000423
Le document en format XML
<record><TEI wicri:istexFullTextTei="biblStruct"><teiHeader><fileDesc><titleStmt><title xml:lang="en">Certainty is Absurd: Meeting Information Security Requirements in Laws on Population Genetic Databases</title><author><name sortKey="Helgi, Helgaso Hor Ur" sort="Helgi, Helgaso Hor Ur" uniqKey="Helgi H" first="Helgaso Hör Ur" last="Helgi">Helgaso Hör Ur Helgi</name></author><author><name sortKey="Gibbons, Susan M C" sort="Gibbons, Susan M C" uniqKey="Gibbons S" first="Susan M C" last="Gibbons">Susan M C. Gibbons</name></author></titleStmt><publicationStmt><idno type="wicri:source">ISTEX</idno><idno type="RBID">ISTEX:838F9D02BB11776517181D16EAE10147877CF7C0</idno><date when="2008" year="2008">2008</date><idno type="doi">10.1177/096853320800900204</idno><idno type="url">https://api.istex.fr/ark:/67375/M70-QX9BL0T5-C/fulltext.pdf</idno><idno type="wicri:Area/Istex/Corpus">002196</idno><idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Corpus" wicri:corpus="ISTEX">002196</idno><idno type="wicri:Area/Istex/Curation">001A76</idno><idno type="wicri:Area/Istex/Checkpoint">000380</idno><idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Checkpoint">000380</idno><idno type="wicri:doubleKey">0968-5332:2008:Helgi H:certainty:is:absurd</idno><idno type="wicri:Area/Main/Merge">000425</idno><idno type="wicri:Area/Main/Curation">000423</idno><idno type="wicri:Area/Main/Exploration">000423</idno></publicationStmt><sourceDesc><biblStruct><analytic><title level="a" type="main" xml:lang="en">Certainty is Absurd: Meeting Information Security Requirements in Laws on Population Genetic Databases</title><author><name sortKey="Helgi, Helgaso Hor Ur" sort="Helgi, Helgaso Hor Ur" uniqKey="Helgi H" first="Helgaso Hör Ur" last="Helgi">Helgaso Hör Ur Helgi</name><affiliation></affiliation><affiliation><wicri:noCountry code="subField">Reykjavík*</wicri:noCountry></affiliation></author><author><name sortKey="Gibbons, Susan M C" sort="Gibbons, Susan M C" uniqKey="Gibbons S" first="Susan M C" last="Gibbons">Susan M C. Gibbons</name><affiliation wicri:level="4"><country>Royaume-Uni</country><placeName><settlement type="city">Oxford</settlement><region type="nation">Angleterre</region><region type="région" nuts="1">Oxfordshire</region></placeName><orgName type="university">Université d'Oxford</orgName></affiliation><affiliation wicri:level="4"><country>Royaume-Uni</country><placeName><settlement type="city">Oxford</settlement><region type="nation">Angleterre</region><region type="région" nuts="1">Oxfordshire</region></placeName><orgName type="university">Université d'Oxford</orgName></affiliation></author></analytic><monogr></monogr><series><title level="j">Medical Law International</title><idno type="ISSN">0968-5332</idno><idno type="eISSN">2047-9441</idno><imprint><publisher>SAGE Publications</publisher><pubPlace>Sage UK: London, England</pubPlace><date type="published" when="2008">2008</date><biblScope unit="volume">9</biblScope><biblScope unit="issue">2</biblScope><biblScope unit="page" from="151">151</biblScope><biblScope unit="page" to="168">168</biblScope></imprint><idno type="ISSN">0968-5332</idno></series></biblStruct></sourceDesc><seriesStmt><idno type="ISSN">0968-5332</idno></seriesStmt></fileDesc><profileDesc><textClass><keywords scheme="Teeft" xml:lang="en"><term>Admiral management services</term><term>Althingi</term><term>Assurance components</term><term>Assurance level</term><term>Common criteria</term><term>Confidentiality</term><term>Constitutional statute</term><term>Data protection</term><term>Data protection authority</term><term>Data protection commission</term><term>Data protection directive</term><term>Data security</term><term>Data subjects</term><term>Database</term><term>Encryption</term><term>English translation</term><term>Evaluation assurance levels</term><term>Future popgd projects</term><term>Genealogical data</term><term>General notes</term><term>Genetic data</term><term>Genetic databases</term><term>Genetics</term><term>Genotype database</term><term>Governmental bodies</term><term>Health data</term><term>Health databases</term><term>Health information</term><term>Health sector database</term><term>Health sector database alpingistfoindi</term><term>Healthcare</term><term>Healthcare providers</term><term>Iceland</term><term>Icelandic</term><term>Icelandic data protection authority</term><term>Icelandic experiment</term><term>Icelandic health database</term><term>Icelandic health sector database</term><term>Icelandic popgd</term><term>Icelandic scientist</term><term>Icelandic state</term><term>Icelandic supreme court</term><term>Identifier</term><term>Inference measures</term><term>Information security</term><term>Information security requirements</term><term>Information technology</term><term>Legal definitions</term><term>Legal requirements</term><term>Licence</term><term>Licence holder</term><term>Many years</term><term>Medical data</term><term>Medical records</term><term>Medical records data</term><term>Microsoft windows</term><term>Original bill</term><term>Para</term><term>Parliamentary debates</term><term>Parliamentary document</term><term>Parliamentary record</term><term>Parliamentary session</term><term>Personal data</term><term>Personal identification</term><term>Personal identifiers</term><term>Policy decisions</term><term>Popgd</term><term>Popgds</term><term>Public health</term><term>Public trust</term><term>Ragnhildur guomundsd6ttir</term><term>Regulatory issues</term><term>Requirements document</term><term>Security evaluation</term><term>Security part</term><term>Security requirements</term><term>Security target</term><term>Such data</term><term>Such endeavours</term><term>Supreme court</term><term>Technical information security standards</term><term>Technical standards</term></keywords></textClass><langUsage><language ident="en">en</language></langUsage></profileDesc></teiHeader><front><div type="abstract" xml:lang="en">This paper describes the problem of determining whether plans for a population genetic database in Iceland met statutory information security requirements. It discusses the approach taken by the relevant governmental authority, which involved employing technical standards to solve the problem. By examining the background to the project, and the main challenges it faced, the paper aims to draw out insights and lessons to inform the way in which future projects are designed and governed. It reflects critically on the results of trying to meet legal requirements for information security by using technical information security standards. Particular attention is given to the founding legislation of the project, and the court case that eventually found that legislation to be unconstitutional.</div></front></TEI><affiliations><list><country><li>Royaume-Uni</li></country><region><li>Angleterre</li><li>Oxfordshire</li></region><settlement><li>Oxford</li></settlement><orgName><li>Université d'Oxford</li></orgName></list><tree><noCountry><name sortKey="Helgi, Helgaso Hor Ur" sort="Helgi, Helgaso Hor Ur" uniqKey="Helgi H" first="Helgaso Hör Ur" last="Helgi">Helgaso Hör Ur Helgi</name></noCountry><country name="Royaume-Uni"><region name="Angleterre"><name sortKey="Gibbons, Susan M C" sort="Gibbons, Susan M C" uniqKey="Gibbons S" first="Susan M C" last="Gibbons">Susan M C. Gibbons</name></region><name sortKey="Gibbons, Susan M C" sort="Gibbons, Susan M C" uniqKey="Gibbons S" first="Susan M C" last="Gibbons">Susan M C. Gibbons</name></country></tree></affiliations></record>Pour manipuler ce document sous Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Wicri/Informatique/explor/SgmlV1/Data/Main/Exploration
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000423 | SxmlIndent | more
Ou
HfdSelect -h $EXPLOR_AREA/Data/Main/Exploration/biblio.hfd -nk 000423 | SxmlIndent | more
Pour mettre un lien sur cette page dans le réseau Wicri
{{Explor lien
|wiki= Wicri/Informatique
|area= SgmlV1
|flux= Main
|étape= Exploration
|type= RBID
|clé= ISTEX:838F9D02BB11776517181D16EAE10147877CF7C0
|texte= Certainty is Absurd: Meeting Information Security Requirements in Laws on Population Genetic Databases
}}
| This area was generated with Dilib version V0.6.33. |  |