Process Modeling for Privacy - Conformant Biobanking: Case Studies on Modeling in UMLsec

Ralph Herkenhöner

Abstract

The continuing progress in research on human genetics is highly increasing the demand on large surveys of voluntary donors’ data and biospecimens. By this new dimension of acquiring and providing data and biospecimens, a new quality of biobanking arose. Using automated data and biospecimens handling along with modern communication channels—such as the world wide web—assigns new challenges to protection of the donor’s privacy. Within current discussions on privacy and data protection an emerging result is the need of auditing privacy and data protection within biobanks. For this purpose, finding a proper way for describing biobanks in terms of a data protection audit is a vital issue. This paper presents how modeling in UMLsec can improve the description of biobanks with the objective of performing a data protection audit. It demonstrates the use of UMLsec for describing security characteristics regarding data protection issues on the basis of two case studies.

References

  1. Unified Modeling Language: Superstructure. Version 2.1.1 (formal/2007-02-03). Object Management Group. http://www.omg.org/docs/formal/07-02-03.pdf
  2. Kreische, D.: Geschäftsprozessmodellierung mit der ”Unified Modeling Language (UML)” (in German). Dissertation at the University Erlangen-Nürnberg (2004). http://deposit.ddb.de/cgi-bin/dokserv?idn=972544232
  3. Jürjens, J.: Secure systems development with UML. Springer-Verlag, Berlin Heidelberg New York (2005)
  4. Business Process Modeling Notation Specification. Final Adopted Specification (dtc/2006- 02-01). Object Management Group. http://www.bpmn.org/Documents/OMG\%20Final\%20Adopted\ %20BPMN\%201-0\%20Spec\%2006-02-01.pdf
  5. White, S. A.: Process Modeling Notations and Workflow Patterns. Object Management Group, Business Process Management Initiative (2004). http://www.bpmn.org/ Documents/Notations\%20and\%20Workflow\%20Patterns.pdf
  6. Keller, G., Nüttgens, M., Scheer, A.-W.: Semantische Prozeßmodellierung auf der Grundlage ”Ereignisgesteuerter Prozeßketten (EPK)” (in German). Scheer, A.-W. (Hrsg.): Veröffentlichungen des Instituts für Wirtschaftsinformatik, Nr. 89. Saarbrücken (1992).
  7. Best Practices for Biospecimen Resources. National Cancer Institute (2007). http://biospecimens.cancer.gov/practices/
  8. Data Protection - Complete Audit Guide. The Information Commissioner's Office, UK. http://www.ico.gov.uk/upload/documents/library/data_ protection/detailed_specialist_guides/data_protection_ complete_audit_guide.pdf
  9. Reng, C.-M., Dembold, P., Specker, Ch., Pommerening, K.: Generische Lösungen zum Datenschutz für die Forschung in der Medizin (in German). Medizinisch Wissenschaftliche Verlagsgesellschaft, Berlin (2006)
  10. Pommerening, K., Schröder, M., Petrov, D., Schlösser-Faßbender, M., Semler, S.C., Drepper, J.: Pseudonymization Service and Data Custodians in Medical Research Networks and Biobanks. GI Jahrestagung (1) 2006: 715-721
  11. Biobanks: Obtainment, preservation and utilisation of human biological material. Swiss Academy of medical science (SAMS),Basel , Swiss (2006). http://www.samw.ch/docs/Richtlinien/e_RL_Biobanken.pdf
  12. Luttenberger, N., Reischl, J., Schröder, M., Stürzebecher, C.S.: Datenschutz in der pharmakogenetischen Forschung - eine Fallstudie (in German). DuD Datenschutz und Datensicherheit 28(6) (2004).
  13. Luttenberger, N., Stürzebecher, C.S., Reischl, J., Schröder, M.: Der elektronische Datentreuhänder (in German). DIGMA Zeitschrift fur Datenrecht und Informationssicherheit 5, 1, pages 2429, 3 2005.
  14. Brief Report on the Data Protection Audit. Independent State Centre for Privacy Protection Schleswig-Holstein (2003). https://www.datenschutzzentrum.de/ audit/kurzgutachten/a0303/a0303_engl.htm
  15. Pfitzmann, A., Hansen, M.: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management A Consolidated Proposal for Terminology. http://dud.inf.tu-dresden.de/Anon_Terminology.shtml
  16. v. Eller-Eberstein, H., Gundermann, L., Krawczak, M., Schreiber, S., Wolf, A.: Datenmanagement bei popgen (in German). GI Jahrestagung (1) 2006: 729-735
Download


Paper Citation


in Harvard Style

Herkenhöner R. (2008). Process Modeling for Privacy - Conformant Biobanking: Case Studies on Modeling in UMLsec . In Proceedings of the 6th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2008) ISBN 978-989-8111-44-9, pages 3-12. DOI: 10.5220/0001732900030012


in Bibtex Style

@conference{wosis08,
author={Ralph Herkenhöner},
title={Process Modeling for Privacy - Conformant Biobanking: Case Studies on Modeling in UMLsec},
booktitle={Proceedings of the 6th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2008)},
year={2008},
pages={3-12},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001732900030012},
isbn={978-989-8111-44-9},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 6th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2008)
TI - Process Modeling for Privacy - Conformant Biobanking: Case Studies on Modeling in UMLsec
SN - 978-989-8111-44-9
AU - Herkenhöner R.
PY - 2008
SP - 3
EP - 12
DO - 10.5220/0001732900030012