BSI – AI Cloud Service Compliance Criteria Catalogue (AIC4) Date 2021.02.02

“The AI Cloud Service Compliance Criteria Catalogue provides AI-specific criteria, which enable an evaluation of the security of an AI service across its lifecycle. The criteria set a baseline level of security, which can be reliably assessed through independent auditors. The catalogue has been developed for AI services that are based on standard machine learning methods and iteratively improve their performance by utilizing training data.”

Privacy and Genomic data – reader list

Identification and genomic data

Re-identifiability of genomic data and the GDPR

Re-Identification of Individuals in Genomic Data-Sharing Beacons via Allele Inference

Identification of individuals by trait prediction using whole-genome sequencing data

Medical research and privacy related books by MWV (mostly in German)

“Medizinisch Wissenschaftliche Verlagsgesellschaft (MWV) publishes reference books, textbooks and scientific books as well as ebooks for professionals and students in Medicine, Nursing and Health Care Management.”

Data Privacy in European Medical Research
A Contemporary Legal Opinion
Christian Dierks, Philipp Kircher, Charlotte Husemann, Julia Kleinschmidt, Martin Haase

NIST – Toward a Privacy-Enhancing Cryptography Use-Case Suite: Preliminary Draft White Paper Available for Comment

“Privacy-enhancing cryptography (PEC) refers to cryptography used to enhance privacy, beyond the traditional sense of data confidentiality. For example, it enables sophisticated interactions that obtain a useful output of the combined information of multiple entities, although without them sharing their inputs with one another. Representative PEC techniques include secure multi-party computation, zero-knowledge proofs and searchable encryption.

Because of the advanced technical features of PEC, this field has traditionally not been covered by standardization activities. However, the state of the art is becoming more pertinent and accessible. To tap into the potential of PEC, this preliminary draft presents a sketch idea toward creating a “PEC use-case suite.” The goal of the write-up is to motivate initial feedback about the idea, which intends to connect PEC tools and representative use-cases where privacy is a central point.”


ICO: Regulatory sandbox report Novartis Pharmaceuticals UK Ltd

“The latest Sandbox report is from medicines company Novartis, which uses innovative science and digital technologies to help transform patient care and improve their experiences and outcomes.

When Novartis entered the Sandbox in July 2019 the original vision was for a voice-enabled web portal allowing patients to fill in health questionnaires from home – retaining a high standard of care but reducing unnecessary face to face appointments.

The ‘Digital Solution’ was designed to allow clinicians to draw upon the data provided online by patients, examine any changes to their patient’s condition and allow prioritisation of patients who need to be seen more urgently in clinic. Engaging with patients from their perspective remotely, allows for better clinical decision-making and less footfall in clinics.” [..]



ENISA: Pseudonymisation Advanced Techniques and Use Cases

Advanced encryption schemes
Ring signatures and group pseudonyms; chaining mode; pseudonyms based on multiple identifiers or attributes; pseudonyms with proof of ownership; secure multiparty computation; secret sharing schemes

Pseudonymisation use cases in healthcare
Patient record comparison use case; medical research institution use case; distributed storage use case

Advanced pseudonymisation scenario: the data custodianship
Notion of data custodianship; Personal Information Management System (PIMS) as data custodian; Data custodian as a part of the hospital; Data custodian as an independent organisation; Interconnected data custodian network

Pseudonymisation use cases in cybersecurity
Entities and roles; File Reputation; URL Reputation; Security Operations Centers; Consumer customer support; Protection gap and real-time protection