Degree Name

Doctor of Philosophy


School of Information Technology and Computer Science - Faculty of Infomatics


The use of private data is ubiquitous. On one hand, people submit their private data to obtain services. On the other hand, organizations need private data to carry out their business. Characterized by convenience, efficiency and cost-saving, information systems are useful for private data management. As a result, vast amounts of private data are collected and processed electronically. However, inadequate protection may end up with the abuse of private data. Privacy concerns affect people’s attitude towards providing their private data, which restricts the success of organizations’ business. The importance of privacy control is well recognized today. Privacy control should be regarded as an imperative design criterion for information systems [40].

The common ground between privacy and security allows us to develop privacy protection techniques based on existing security protection techniques. In the past decade, a few studies have been conducted in this area. Nevertheless, they give individuals limited control over their private data. In particular, after an individual submits his/her private data to an organization, he/she almost loses control over it. This thesis considers this lack of control as a potential problem in information systems. Based on existing security protection techniques, three privacy protection approaches are proposed: an access control based approach, a hierarchical encryption based approach and a digital ticket based approach. These approaches are highlighted for their consideration for information donors’ privacy preferences.

02Whole.pdf (5406 kB)



Unless otherwise indicated, the views expressed in this thesis are those of the author and do not necessarily represent the views of the University of Wollongong.