- Title
- An information privacy compliance model based on configurable software objects
- Creator
- Kandeh, Agbor Takang
- Subject
- Software protection
- Subject
- Software configuration management
- Date Issued
- 2022-04
- Date
- 2022-04
- Type
- Master's theses
- Type
- text
- Identifier
- http://hdl.handle.net/10948/58374
- Identifier
- vital:59052
- Description
- South Africa’s Protection of Personal Information Act (POPIA), Act 4 of 2013 requires that organisations enforce information privacy rules in technology systems handling personally identifiable information (PII). This is in line with other national and regional information privacy legislations across the world. However, the absence of a coherent way to implement this legislation, in the form of software objects in technology systems, has created a gap in organisations around the world. To bridge this gap, this thesis proposes a compliance model based on a conceptual framework, a design framework, and a software-based prototype. The objective of this model is to test how best to enforce information privacy regulations in technology systems handling personally identifiable information. The proposed conceptual framework views information privacy compliance as a context-driven reality enforced by configurable software objects. To refine the conceptual framework, a design framework and a software-based prototype was developed using the design science research methodology as the theoretical construct and the UML ontology language and object-oriented programming paradigms as the underpinning practical construct. This prototype will assist organisational stakeholders in understanding and visualising the theoretical and practical constructs of handling personally identifiable information as software objects in technology systems. The design and implementation of this prototype resulted in some practical and theoretical recommendations. These include the adoption of a decision model notation (DMN) as a formal standard to manage privacy rules and the creation of a context-aware privacy compliance zone (CAP). However, the main contribution of this thesis is a reusable conceptual and contextual design framework and a prototype through which POPIA rules, or those of any similar information privacy law, such as the European General Data Protection Regulation (GDPR), can be encapsulated into software objects used in technology systems to ease compliance with information privacy regulations.
- Description
- Thesis (PhD) -- Faculty of Engineering, the Built Environment, and Technology, 2022
- Format
- computer
- Format
- online resource
- Format
- application/pdf
- Format
- 1 online resource (xiii, 222 pages)
- Format
- Publisher
- Nelson Mandela University
- Publisher
- Faculty of Engineering, the Built Environment, and Technology
- Language
- English
- Rights
- Nelson Mandela University
- Rights
- All Rights Reserved
- Rights
- Open Access
- Hits: 387
- Visitors: 404
- Downloads: 63
Collections
NMU School of Engineering
| Thumbnail | File | Description | Size | Format | |||
|---|---|---|---|---|---|---|---|
| View Details Download | SOURCE1 | Kandeh, A.pdf | 4 MB | Adobe Acrobat PDF | View Details Download |