Abstract
Today, with the significant increase in the need for access to reliable information and for the protection of information stored electronically, personal data has become one of the most important information assets that must be protected. The protection of these information assets is possible only through information security policies that cover legal, technical, and administrative dimensions. In this study, the current situation of university libraries was evaluated within the framework of the basic principles and legal regulations related to the protection of personal data, with the aim of making suggestions for eliminating deficiencies in this area and contributing to the creation of an information security culture. For this purpose, a survey was conducted through interviews at 15 different university libraries located in Ankara, and the collected data on information security measures was evaluated in accordance with the existing legal regulations.
The results show that the legal regulations are neither adequate nor preventive in nature, and that the universities do not have any security policies concerning the protection and safe destruction of personal data. There is no risk management, and responsibility is not shared among the units of the universities. Training in personal data protection awareness is not provided for the staff who are responsible for data processing, and the units responsible for data processing hesitate even in deciding whether data is personal or not.
Keywords: Information security, Personal data, Sensitive data, Information security policy
License
Copyright (c) 2015 The author(s). This is an open access article distributed under the Creative Commons Attribution License (CC BY), which permits unrestricted use, distribution, and reproduction in any medium or format, provided the original work is properly cited.

