In this paper, we consider an information system (IS) to be a set of technologies together with a set of rules about those technologies. An IS is considered to be prone to a privacy incident if it does not fully protect the private information of a user or if a dishonest user can take advantage of the privacy protection offered by the IS. This work identifies the potential privacy incidents that may occur in an IS, and proposes a framework, the MAPI Framework (Manage or Avoid Privacy Incidents), which designs IS to manage or avoid privacy incidents. The MAPI Framework can also be used for evaluating IS by identifying the missing or inappropriate technologies which may lead to privacy incidents.
Book Title : Intelligence and Security Informatics (LNCS 5376)