学術論文誌 Journal of Information Processing に当研究所研究員の論文が採択されました ブックマークが追加されました
お知らせ
学術論文誌 Journal of Information Processing に当研究所研究員の論文が採択されました
デロイト トーマツ サイバーセキュリティ先端研究所(DT-ARLCS)
一般社団法人 情報処理学会が発行する学術論文誌 Journal of Information Processing 2023 Volume 31に、当研究所の研究員である森 啓華が筆頭著者となる以下の論文が採択されました。
採択された論文
2023年12月
Analysis of Privacy Compliance by Classifying Policies Before and After the Japanese Law Revision
学術誌:Journal of Information Processing 2023 Volume 31
著者:Keika Mori (DTCY/Waseda University), Tatsuya Nagai, Yuta Takata, Masaki Kamizono (DTCY), and Tatsuya Mori (Waseda University/NICT/RIKEN AIP)
https://www.jstage.jst.go.jp/article/ipsjjip/31/0/31_829/_article/-char/en(外部サイト)
論文概要
Companies and organizations inform users of how they handle personal data through privacy policies on their websites. Particular information, such as the purposes of collecting personal data and what data are provided to third parties is required to be disclosed by laws and regulations. An example of such a law is the Act on the Protection of Personal Information in Japan. In addition to privacy policies, an increasing number of companies are publishing security policies to express compliance and transparency of corporate behavior. However, it is challenging to update these policies against legal requirements due to the periodic law revisions and rapid business changes. In this study, we developed a method for analyzing privacy policies to check whether companies comply with legal requirements. In particular, the proposed method classifies policy contents using bidirectional encoder representations from transformers and evaluates privacy compliance by comparing the classification results with legal requirements. In addition, we analyzed security policies using the proposed method, to confirm whether the combination of privacy and security policies contributes to privacy compliance. In this study, we collected and evaluated 1,298 privacy policies and 139 security policies for Japanese companies. The results revealed that over 90% privacy policies adequately describe the handling of personal information by first parties, user rights, and security measures, and over 90% insufficiently describe the data retention and specific audience. These differences in the number of descriptions depend on industry guidelines and business characteristics. Additionally, security policies were found to improve the compliance rates of 48 out of 139 companies by describing security practices not included in privacy policies. Finally, we conducted a comparative analysis of policies before and after the Japanese law revision. We identified that although companies updated their policies, these updates were insufficient to meet the new law requirements.
その他の記事
ソリューション開発
デロイト トーマツ サイバーセキュリティ先端研究所(DT-ARLCS)が提供するソリューションサービスを紹介します。
デロイト トーマツ サイバーセキュリティ先端研究所
デロイト トーマツ サイバーセキュリティ先端研究所(DT-ARLCS) は、「研究開発」をもって未来社会に貢献する新たな価値を創造する専門家集団です。サイバーセキュリティに関するさまざまな課題に対して、研究者の自由な発想、斬新なアイディア、そして深い知識に裏付けられた確かな研究開発力により解決へ導きます。