The Hippocratic Oath has guided the conduct of physicians for centuries. Inspired by its tenet of preserving privacy, we argue that future database systems must include responsibility for the privacy of data they manage as a founding tenet. We enunciate the key privacy principles for such Hippocratic database systems. We propose a strawman design for Hippocratic databases, identify the technical challenges and problems in designing such databases, and suggest some approaches that may lead to solutions. Our hope is that this paper will serve to catalyze a fruitful and exciting direction for future database research. 1

this paper by Bob Bies, Ronnie Goodstein and by our colleagues and students during a spring 1998 seminar. We also recognize the help we received from Stevan D. Mitchell on creating non-regulatory incentives for the private sector.

Media and research reports point to the issue of privacy as the key to understanding online behaviors and experiences. However, it is well recognized within privacy advocacy circles that “privacy ” is a loose concept encompassing a variety of meanings. In this paper we view privacy as mediating between individuals and their online activities and not standing above them; as being constantly redefined in actual practice. It is necessary to ask, therefore, what individuals are reacting to when asked about online privacy and how it affects their online experience. This paper is based on data generated in the Everyday Internet study, a neighborhood based ethnographic project being conducted in Toronto, Canada that investigates how people integrate online services in their daily lives. We further propose that there are three organizing “moments ” of online privacy perceptions: the moment of sitting in front of the computer, the moment of the interactions with it, and the moment after the data has been released in “cyberspace”. We argue that while the third has been given much media coverage, mainly through surveillance—Big Brother—reports and stories the other two moments have not been sufficiently researched. This may be crippling the formulation of effective privacy principles and practices by policy makers and the public. Keywords:

this paper.) When there are more credentials involved in R's policy, the protection of non-possession sensitive credentials is very similar to that of possession-sensitive credentials. We try to migrate P C# to the policies of other credentials so that Alice will behave the same as certain users who do have C and adopt the Disclosure Tree Strategy. Let us look at the following examples

emerging civil liberties issues and to protect privacy, freedom of expression and constitutional values. EPIC pursues a wide range of activities, including policy research, public education, conferences, litigation, publications, and advocacy. It also practices litigation with significant expertise in FOIA requests, court challenges in defense of privacy and free speech civil liberties, and filings in agency proceedings. These actions cover issues such as anonymity and privacy in consumer, travel, geographic location, financial, internet, and telecommunications matters. While the activities the organization pursues are diverse, founder and director Marc Rotenberg generally characterizes EPIC as a traditional human rights nongovernmental organization. Its main role is to make documents available to the public regarding issues and rights, and then to provide regular evaluation or metrics as to whether or not those rights are being upheld. 1 An example of this is the annual report,

How can executive agencies in developing countries implement international conventions against corruption? This paper looks at the legal issues presented by the Council of Europe, United Nations and OECD conventions against corruption; as well as the choices which executive agencies (such as the tax police, customs and border guard) in developing countries have in helping to implement these conventions. This paper reviews the potential obligations which these Conventions impose on executive agencies and the legal principles which should be enshired in executive regulation which translates these conventions into practice. This paper provides a simple legal/administrative test for corruption as well as tests for complicity, respondeat superiour, and tests which help establish jurisdiction between departments and between countries (in international corruption cases). The paper also discusses mechanisms for financing anti-corruption work, the conduct of tests or probes of civil servant bribe-taking behaviour, and the optimal fine to apply to businesses engaging in corruption as determined under a civil law standard.

Abstract not found

Organizational information practices can result in a variety of privacy problems that can increase consumers’ concerns for information privacy. To explore the link between individuals and organizations regarding privacy, we study how institutional privacy assurances such as privacy policies and industry self-regulation can contribute to reducing individual privacy concerns. Drawing on Communication Privacy Management (CPM) theory, we develop a research model suggesting that an individual’s privacy concerns form through a cognitive process involving perceived privacy risk, privacy control, and his or her disposition to value privacy. Furthermore, individuals ’ perceptions of institutional privacy assurances-- namely, perceived effectiveness of privacy policies and perceived effectiveness of industry privacy self-regulation-- are posited to affect the riskcontrol assessment from information disclosure, thus, being an essential component of privacy concerns. We empirically tested the research model through a survey that was administered to 823 users of four different types of websites: 1) electronic commerce sites, 2) social networking sites, 3) financial sites, and 4) healthcare sites. The results provide support for the majority of the hypothesized relationships. The study reported here is novel to the extent that existing empirical research has not explored the link between individuals’ privacy perceptions and institutional privacy assurances. We discuss implications for theory and practice and provide