Risk management for General Data Protection Regulation
DOI: https://doi.org/10.59681/2175-4411.v16.iEspecial.2024.1286
Keywords: Fuzzy Logic, Risk Assessment, Law Enforcement
Abstract
Objective: To develop a new model for assessing privacy risks related to the General Data Protection Law (LGPD) in the digital health environment. Methods: Construction of a model based on Fuzzy Logic, drawing on best practices from the technical standards of the Brazilian Association of Technical Standards (ABNT) and the International Organization for Standardization (ISO), to incorporate uncertainty into the evaluation process and to make results explainable through the identification of variables relevant to the concept of risk under the LGPD. Results: The new model showed good results compared to other models and, unlike them, included an explanation of the results obtained. Conclusion: The proposed system, which uses the model titled Fuzzy-LGPD for Risk Management in Digital Health, presented very promising results, allowing the identification of risks in the evaluated case studies.
License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Submission of a paper to Journal of Health Informatics is understood to imply that it is not being considered for publication elsewhere and that the author(s) permission to publish his/her (their) article(s) in this Journal implies the exclusive authorization of the publishers to deal with all issues concerning the copyright therein. Upon the submission of an article, authors will be asked to sign a Copyright Notice. Acceptance of the agreement will ensure the widest possible dissemination of information. An e-mail will be sent to the corresponding author confirming receipt of the manuscript and acceptance of the agreement.