{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T15:17:04Z","timestamp":1759331824015,"version":"3.41.2"},"reference-count":23,"publisher":"Emerald","issue":"3","license":[{"start":{"date-parts":[[2013,7,12]],"date-time":"2013-07-12T00:00:00Z","timestamp":1373587200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013,7,12]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-heading\">Purpose<\/jats:title><jats:p>The aim of the paper is to highlight gaps in compliance environments regarding information privacy and provide recommendations for global information privacy standards.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title><jats:p>The paper draws conceptually upon an existing security standard's framework and omissions in information privacy compliance frameworks are recognized. As a result, an extended framework of information security and privacy standards is developed. Moreover, taking into account the different attributes and focus of information privacy as compared to information security, the elicitation of usability criteria for web applications and interfaces that will assist users to protect their privacy, is being proposed.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Findings<\/jats:title><jats:p>Within ICT standards numerous information security standards exist, which enable a common understanding of security requirements and promote global rules and practices for security mechanisms. Through their usage, designed information systems ultimately reach a commonly accepted security level and interoperate with other systems in an efficient and secure way. 
Nevertheless, a similar compliance environment is missing with regard to information privacy. Often security controls are seen as the solution to privacy protection and security compliance frameworks are regarded as guidance to information privacy as well. This is clearly the wrong approach since the main security and privacy attributes are different; information security refers to information stored, processed and transmitted for completing the information system's functions and purpose, while information privacy is the protection of the information's subject identity.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Research limitations\/implications<\/jats:title><jats:p>The identified gaps in compliance environments are based on extensive literature review, while the proposed enhancements for the information privacy standards are, at this stage, an opinion\u2010based piece of work.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title><jats:p>Currently, information privacy is treated mostly as a legal compliance requirement and thus is not adequately handled by security standards. The paper provides recommendations and further guidance in managerial, procedural and technical level for handling information privacy.<\/jats:p><\/jats:sec>","DOI":"10.1108\/imcs-09-2012-0051","type":"journal-article","created":{"date-parts":[[2013,7,25]],"date-time":"2013-07-25T14:13:28Z","timestamp":1374761608000},"page":"177-190","source":"Crossref","is-referenced-by-count":4,"title":["Evaluating and enriching information and communication technologies compliance frameworks with regard to privacy"],"prefix":"10.1108","volume":"21","author":[{"given":"Costas","family":"Lambrinoudakis","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2022030720072292500_b10","doi-asserted-by":"crossref","unstructured":"Ashenden, D. 
(2008), \u201cInformation security management: a human challenge?\u201d, Information Security Technical Report, Vol. 1 No. 3, pp. 195\u2010201.","DOI":"10.1016\/j.istr.2008.10.006"},{"key":"key2022030720072292500_b11","unstructured":"Deming, W.E. (1950), Elementary Principles of the Statistical Control of Quality, JUSE, Tokyo."},{"key":"key2022030720072292500_b6","unstructured":"European Parliament (1995), 95\/46\/EC Directive of the European Parliament and of the Council of 24 October 1995 on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data."},{"key":"key2022030720072292500_b7","unstructured":"European Parliament (2002), 2002\/58\/EC Directive European Parliament and of the Council of 12 July 2002 Concerning the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector (Directive on Privacy and Electronic Communications)."},{"key":"key2022030720072292500_b100","unstructured":"GAISP (2004), Generally Accepted Information Security Principles, available at: www.citadel\u2010information.com\/wp\u2010content\/uploads\/2010\/12\/issa\u2010generally\u2010accepted\u2010information\u2010security\u2010practices\u2010v3\u20102004.pdf."},{"key":"key2022030720072292500_b14","doi-asserted-by":"crossref","unstructured":"Gritzalis, S. (2004), \u201cEnhancing web privacy and anonymity in the digital era\u201d, Information Management & Computer Security, Vol. 12 No. 3, pp. 255\u2010288.","DOI":"10.1108\/09685220410542615"},{"key":"key2022030720072292500_b16","doi-asserted-by":"crossref","unstructured":"Herzog, A. and Shahmehri, N. (2007), \u201cUsable set\u2010up of runtime security policies\u201d, Information Management & Computer Security, Vol. 15 No. 5, pp. 
394\u2010407.","DOI":"10.1108\/09685220710831134"},{"key":"key2022030720072292500_b9","unstructured":"HIPAA (1996), Health Insurance Portability and Accountability Act, USA, available at: www.cms.gov\/HIPAAGenInfo\/Downloads\/HIPAALaw.pdf."},{"key":"key2022030720072292500_b17","doi-asserted-by":"crossref","unstructured":"Ibrahim, T., Furnell, M.S., Papadaki, M. and Clarke, L.N. (2010), \u201cAssessing the usability of end\u2010user security software\u201d, Proceedings of TrustBus 2010 Trust, Privacy and Security in Digital Business, Lecture Notes in Computer Science, Vol. 6264, pp. 177\u2010189.","DOI":"10.1007\/978-3-642-15152-1_16"},{"key":"key2022030720072292500_b12","unstructured":"Imai, M. (1986), Kaizen: The Key to Japan's Competitive Success, Random House, New York, NY, p. 60."},{"key":"key2022030720072292500_b101","unstructured":"ISF (2007), The Standard of Good Practice for Information Security, Information Security Forum, available at: www.securityforum.org\/userfiles\/public\/SOGP.pdf."},{"key":"key2022030720072292500_b102","unstructured":"ISF (2010), Solving the Data Privacy Puzzle, Information Security Forum, available at: www.securityforum.org."},{"key":"key2022030720072292500_b1","unstructured":"ISO (2012), International Organization for Standardization, available at: www.iso.org\/."},{"key":"key2022030720072292500_b15","doi-asserted-by":"crossref","unstructured":"Johnston, J., Eloff, J.H.P. and Labuschagne, L. (2003), \u201cSecurity and human computer interfaces\u201d, Computers & Security, Vol. 22 No. 8, pp. 675\u2010684.","DOI":"10.1016\/S0167-4048(03)00006-3"},{"key":"key2022030720072292500_b19","doi-asserted-by":"crossref","unstructured":"Kalloniatis, C., Kavakli, E. and Gritzalis, S. (2008), \u201cAddressing privacy requirements in system design: the PriS method\u201d, Requirements Engineering, Vol. 13 No. 3, pp. 
241\u2010255.","DOI":"10.1007\/s00766-008-0067-3"},{"key":"key2022030720072292500_b20","doi-asserted-by":"crossref","unstructured":"Mouratidis, H., Giorgini, P. and Manson, G. (2003), \u201cAn ontology for modelling security: the Tropos project\u201d, in Palade, V., Howlett, R.J. and Jain, L. (Eds), KES 2003, LNCS (LNAI), Vol. 2773, Springer, Heidelberg, pp. 1387\u20101394.","DOI":"10.1007\/978-3-540-45224-9_187"},{"key":"key2022030720072292500_b18","unstructured":"Nielsen, J. (1994), \u201cHeuristic evaluation\u201d, in Nielsen, J. and Mack, R.L. (Eds), Usability Inspection Methods, Wiley, New York, NY."},{"key":"key2022030720072292500_b5","unstructured":"OECD (1980), The OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, available at: www.oecd.org\/document\/18\/0,3746,en_2649_34255_1815186_1_1_1_1,00.html."},{"key":"key2022030720072292500_b2","unstructured":"Pfitzmann, A. and Hansen, M. (2010), A Terminology for Talking About Privacy by Data Minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management, v0.34, available at: http:\/\/dud.inf.tu\u2010dresden.de\/literatur\/Anon_Terminology_v0.34.pdf."},{"key":"key2022030720072292500_b8","unstructured":"PIPEDA (2000), Personal Information Protection and Electronic Documents Act, Canada, available at: http:\/\/laws.justice.gc.ca\/PDF\/Statute\/P\/P\u20108.6.pdf."},{"key":"key2022030720072292500_b13","doi-asserted-by":"crossref","unstructured":"Siponen, M. (2005), \u201cAn analysis of the traditional IS security approaches: implications for research and practice\u201d, European Journal of Information Systems, Vol. 14 No. 3, pp. 303\u2010315.","DOI":"10.1057\/palgrave.ejis.3000537"},{"key":"key2022030720072292500_b4","doi-asserted-by":"crossref","unstructured":"Tsohou, A., Kokolakis, S., Lambrinoudakis, C. and Gritzalis, S. 
(2010), \u201cA security standards' framework to facilitate best practices' awareness and conformity\u201d, Information Management & Computer Security, Vol. 18 No. 5, pp. 350\u2010365.","DOI":"10.1108\/09685221011095263"},{"key":"key2022030720072292500_b3","doi-asserted-by":"crossref","unstructured":"Warren, S. and Brandeis, L. (1890), \u201cThe right to privacy\u201d, Harvard Law Review, Vol. 4, pp. 193\u2010220.","DOI":"10.2307\/1321160"}],"container-title":["Information Management &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/IMCS-09-2012-0051","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/IMCS-09-2012-0051\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/IMCS-09-2012-0051\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,24]],"date-time":"2025-07-24T21:50:48Z","timestamp":1753393848000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/21\/3\/177-190\/181050"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,7,12]]},"references-count":23,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2013,7,12]]}},"alternative-id":["10.1108\/IMCS-09-2012-0051"],"URL":"https:\/\/doi.org\/10.1108\/imcs-09-2012-0051","relation":{},"ISSN":["0968-5227"],"issn-type":[{"type":"print","value":"0968-5227"}],"subject":[],"published":{"date-parts":[[2013,7,12]]}}}