Legal Compliance and Technical Capability for Privacy-sensitive Data Protection in the Cloud

Many privacy-preserving techniques have been developed to address the privacy issues in different data sharing scenarios that are used in the field related to records and data management (Fung et al., 2010; Mohammed et al., 2013; Park, 2014). The emergence of cloud computing has significantly improved the potential of sharing records and data. However, the major obstacle to adopting this technology in the public sector is a lack of trust in sufficient security and privacy protection. Research has shown that simply removing explicit identification information of patients, participants or citizens, including the person’s name, social insurance number, telephone number, and address, is insufficient for privacy protection. Therefore, there is a need to assess the privacy-preserving techniques and tools that are available and popular in the field and test how well these techniques can actually help protect privacy and security to records managers at the real settings (e.g. privacy and security sensitive institutions, such as government agencies or health institutions). Government agencies hold a large amount of citizens’ data with their privacy information on the data (e.g. social insurance number, etc.). Health agencies also create, use and house a large amount of patients’ data with their health information, such as blood type, disease, drug, etc. These institutions tend to be more sensitive with privacy information in their data sets. It is important to examine whether legal requirements as minimum requirements that are based on government privacy guidelines are satisfactory from a viewpoint of records management in implementing privacy-preserving techniques and tools at different institutional settings in re