Laws and Regulations tell how to classify your data: A case study on higher education |
| |
| Institution: | 1. School of Cyber Science and Engineering, Sichuan University, Chengdu, China;2. Cybersecurity Research Institute, Sichuan University, Chengdu, China;1. Research Institute for Smart Cities, School of Architecture and Urban Planning, Shenzhen University and Shenzhen Key Laboratory of Spatial Smart Sensing and Services and MNR Technology Innovation Center of Territorial and Spatial Big Data and Guangdong–Hong Kong-Macau Joint Laboratory for Smart Cities, Shenzhen 518060, China;2. Logistics Information Centre, Beijing 100842, China;3. Department of Game Design, Faculty of Arts, Uppsala University, Sweden;1. Studio Galilei Co. Ltd., Yongin, Gyeonggi, Republic of Korea;2. Department of Transportation Engineering, College of Engineering, Myongji University, Yongin, Gyeonggi, Republic of Korea;3. Department of Geography, College of Sciences, Kyung Hee University, Seoul, Republic of Korea;4. Department of Transportation Engineering, College of Engineering, Yonsei University, Seoul, Republic of Korea;5. Smart Tourism Education Platform, College of Hotel & Tourism Management, Kyung Hee University, Seoul, Republic of Korea;6. Korea Railroad Research Institute, Uiwang, Gyeonggi, Republic of Korea;1. School of Information Management, Nanjing University, Nanjing 210023, China;2. School of International and Public Affairs, Shanghai Jiao Tong University, Shanghai 200230, China |
| |
| Abstract: | The era of big data has promoted the vigorous development of many industries, boosting the full potential of holistic data-driven analysis, yet it has also been accompanied by uninterrupted data breaches. In recent years, especially in China, data security laws and regulations have been promulgated continuously, and many of them have made clear requirements for data classification. As the support of data security initiatives, data classification has received the bulk of attention and has been hailed by all walks of life. There is a lot of valuable information contained in the issued regulations, which has already been well exploited in the research of privacy policy compliance verification, whereas few scholars have drawn on such information to guide data classification for security and compliance. As a step towards this direction, in this paper, we define two information types: one is “regulated data” mentioned in external laws and regulations, another is “non-regulated data”, indicating internal business data produced in a certain organization, and develop a novel generalization-enhanced decision tree classification algorithm called Gen-DT to classify data. In this way, data covered by the relevant data security regulatory mandates can be quickly identified and handled in full compliance as well. Furthermore, we evaluate the proposed compliance-driven data classification scheme using datasets collected from two famous universities in China and validate that our approach can achieve better performance than existing popular machine learning techniques. |
| |
| Keywords: | |
| 本文献已被 ScienceDirect 等数据库收录! |
|
