关于在情报共享中情报保密工作的研究

当前国际局势纷繁复杂,为世界各国的情报工作带来了新的机遇与挑战。情报共享已经成为情报工作之趋势所在,但情报不同于其他工作,最大的特点就在于情报具有保密性。因此,情报共享必须在保证情报安全保密的基础上开展。文章从情报共享和情报保密的概念、手段、重要性出发,分析两者之间的关系,进一步探讨了情报共享中情报保密工作的具体措施。     

Health‐Care Data Protection and Biometric Authentication Policies: Comparative Culture and Technology Acceptance in China and in the United States

A proliferation of health information technology (HIT) policies to implement dimensions of e‐health, including electronic medical records, electronic health records, personal health records, and e‐prescribing—along with expanding initiatives on mobile health in developed countries and emerging technologies—has sparked academic inquiry into the protection of privacy and data and the technology to protect privacy and data. This article examines HIT policies in the United States and in China and the use of authentication technologies to assess biometrics as privacy's friend or foe in different political frameworks with varying conceptions of privacy. An analysis of privacy in the context of health data protection, challenging relations of trust between patients and providers, the increasing perspective of health data integrity as a cyber‐security issue, and the growing rate of medical fraud and medical identity theft may yield findings of a convergence of views of privacy and biometrics unexpected of contrasting political cultures.     

论隐私权的宪法保护——以自媒体时代为分析背景

自媒体在彰显言论自由之对,也打开了一扇偷窥公民隐私之窗.在宪法视野下,隐私权已经超越部门法的疆域上升为一项基本人权.在自媒体时代,侵犯公民隐私权的特征表现为隐蔽性、侵财性、便捷性和严重性,隐私权的传统法律保护模式遭遇了新的挑战.宪法对公民隐私权加以保护有其合理性与必要性.隐私权的宪法保护路径在于明确隐私权是一项列举的人权,强化违宪审查制度的贯彻执行,并通过部门法落实和实施该项权利,建立一个由宪法统领的、由部门法具体实施的、多层级和全方位的立体保护架构.     

The principle of security safeguards: Unauthorized activities

The principle of information security safeguards is a key information privacy principle contained in every privacy legislation measure, framework, and guideline. This principle requires data controllers to use an adequate level of safeguards before processing personal information. However, privacy literature neither explains what this adequate level is nor how to achieve it. Hence, a knowledge gap has been created between privacy advocates and data controllers who are responsible for providing adequate protection. This paper takes a step toward bridging this knowledge gap by presenting an analysis of how Data Protection and Privacy Commissioners have evaluated the adequacy level of security protection measures given to personal information in selected privacy invasive cases. This study addresses both security measures used to protect personal information against unauthorized activities and the use of personal information in authentication mechanisms. This analysis also lays a foundation for building a set of guidelines that can be used by data controllers for designing, implementing, and operating both technological and organizational measures used to protect personal information.     

The Stability Pact for Southeastern Europe: A New Approach to a Regional Problem

The European Data Protection Directive is often considered the Internet Privacy Global Standard, but this in only partially true. While the European Union sets a formal global standard, the 1995 Data Protection Directive has two loopholes that Internet companies exploit to set the effective global standard for internet privacy. The United States and Ireland have become safe harbours for Internet companies to collect and process Europeans’ personal data without being subject to the stringent laws and regulations of some continental European countries. Companies, and not the European Union or governments, are the ones that set the effective global standard of internet privacy.     

Tackling Drugs Together: The Possibilities for a Confidential Drug Service

This article explores the exchange of personal information between agencies working with drug users and the 'problems' created by confidentiality. Confidentiality may be conceptualised as a form of information privacy, which in turn derives from a wider idea of privacy. The authors take as a case study the 'Wintercomfort Case', concerning a day centre for drug users in Cambridge. The focus is to look at the legal and practice implications of the case, and to examine in particular the tensions that exist between welfare and justice agencies who may have access to the same information, but who may also have different agendas and objectives in taking action.     

论刑事DNA数据库的基因隐私权保护

从20世纪80年代中期开始,警察就在刑事调查中使用DNA分析,如今他们又有了打击犯罪的新武器:刑事DNA数据库。可是,在这个人权至上的时代,人们除了关心如何有效地打击罪犯之外,对刑事DNA数据在采集、储藏与使用中的隐私权保护也颇为用心。笔者以为,要解除民众对DNA数据库的担忧,法律必须对DNA样本的保留时间、DNA检体的使用目的及DNA数据的使用对象规范清楚。     

美国隐私权的宪法保护述评

美国隐私权的宪法保护建立在其独特的司法审查的基础上,有其独特的特色,不仅体现在通过最高法院对宪法的司法解释回应了公民权利运动对隐私权保护的要求,而且宪法对隐私权的保护具有开放性,虽然美国宪法对隐私权的保护受制于社会传统伦理道德和政府的政策,但是通过消极的个案判决方式从基本人权的角度确立了宪法对自决权意义上的隐私权的保护。     

论保护私人财产的法律制度的完善

江泽民在党的十六大报告中明确提出要“完善保护私人财产的法律制度”,引起了公众的极大关注。本文作者从私人财产法律制度的发展历史,我国私人财产的法律制度完善面临的问题以及如何完善保护私人财产的法律制度提出了自己的构想。     

Cursing the Cloud (or) Controlling the Cloud?

Inspired by the cloud computing hypes, this paper responds to some of the hypes, but not to all. The hype in this paper refers to the level of the adequacy of data protection and privacy in a cloud computing (the Cloud) environment. Paradoxically, this paper proffers observational insights that surround the Cloud from the perspectives of data protection and privacy. It examines briefly the efforts of January 2010 led by Microsoft and anticipating “liability” scenarios. The liability rhetorically refers to the illegal access in the Cloud. This paper does not focus entirely on the technology sophistication; however, it analyses two scenarios of illegal access. To mitigate the liability, it suggests a “Cloud Compliant Strategy (CCS)” being a proposed model to control the Cloud. The observational insights of this paper have also intertwined with the adequacy of data protection from the lenses of the European Union (EU) Data Protection Directive 95/46/EC (DPD) and Safe Harbor provisions (SH).