Page 1


Committee of the Global Engineers & Technologists Review Chief Editor Ahmad Mujahid Ahmad Zaidi, MALAYSIA Managing Editor Mohd Zulkifli Ibrahim, MALAYSIA Editorial Board Dr. Arsen Adamyan Yerevan State University ARMENIA

Prof. Dr. Ravindra S. Goonetilleke The Hong Kong University of Science and Technology HONG KONG

Assoc. Prof. Dr. Gasham Zeynalov Khazar University AZERBAIJAN

Assoc. Prof. Dr. Youngwon Park Waseda University JAPAN

Assistant Prof. Dr. Tatjana Konjić University of Tuzla Bosnia and Herzegovina BOSNIA and HERZEGOVINA

Prof. Dr. Qeethara Kadhim Abdulrahman Al-Shayea Al-Zaytoonah University of Jordan JORDAN

Assistant Prof. Dr. Muriel de Oliveira Gavira State University of Campinas (UNICAMP) BRAZIL

Prof. Yousef S.H. Najjar Jordan University of Science and Technology JORDAN

Assoc. Prof. Dr. Plamen Mateev Sofia University of St. Kliment Ohridsky BULGARIA

Assoc. Prof. Dr. Al-Tahat D. Mohammad University of Jordan JORDAN

Dr. Zainab Fatimah Syed The University of Calgary CANADA

Assoc. Prof. Dr. John Ndichu Nder Jomo Kenyatta University of Agriculture and Technology(JKUAT) KENYA

Assistant Prof. Dr. Jennifer Percival University of Ontario Institute of Technology CANADA Prof. Dr. Sc. Igor Kuzle University of Zagreb CROATIA Assoc. Prof. Dr. Milan Hutyra VŠB - Technical University of Ostrava CZECH

Prof. Dr. Megat Mohamad Hamdan Megat Ahmad The National Defence University of Malaysia MALAYSIA Prof. Dr. Rachid Touzani Université Mohammed 1er MOROCCO Prof. Dr. José Luis López-Bonilla Instituto Politécnico Nacional MEXICO

Prof. Dr. Mohamed Abas Kotb Arab Academy for Science, Technology and Maritime Transport EGYPT

Assoc. Prof. Dr. Ramsés Rodríguez-Rocha IPN Avenida Juan de Dios Batiz MEXICO

Prof. Dr. Laurent Vercouter INSA de Rouen FRANCE

Dr. Bharat Raj Pahari Tribhuvan University NEPAL


Prof. Dr. Abdullah Saand Quaid-e-Awam University College of Eng. Sc. & Tech. PAKISTAN Prof. Dr. Naji Qatanani An-Najah National University PALESTINE Prof. Dr. Anita Grozdanov University Ss Cyril and Methodius REPUBLIC OF MACEDONIA Prof. Dr. Vladimir A. Katić University of Novi Sad SERBIA Prof. Dr. Aleksandar M. Jovović Belgrade University SERBIA Prof. Dr. A.K.W. Jayawardane University of Moratuwa SRI LANKA Prof. Dr. Gunnar Bolmsjö University West SWEDEN Prof. Dr. Peng S. Wei National Sun Yat-sen University at Kaohsiung. TAIWAN

Prof. Dr. Ing. Alfonse M. Dubi The Nelson Mandela African Institute of Science and Technology TANZANIA Assoc. Prof. Chotchai Charoenngam Asian Institute of Technology THAILAND Prof. Dr. Hüseyin Çimenoğlu Instanbul Technical University (İTÜ) TURKEY Assistant Prof. Dr. Zeynep Eren Ataturk University TURKEY Dr. Mahmoud Chizari The University of Manchester UNITED KINGDOM Prof. Dr. David Hui University of New Orleans USA Prof. Dr. Pham Hung Viet Hanoi University of Science VIETNAM Prof. Dr. Raphael Muzondiwa Jingura Chinhoyi University of Technology ZIMBABWE


ŠPUBLISHED 2013

Global Engineers and Technologists Review GETview ISSN: 2231-9700 (ONLINE) Volume 3 Number 1 January 2013 All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, electronic, mechanical photocopying, recording or otherwise, without the prior permission of the Publisher.

Printed and Published in Malaysia


Dear the Seeker of Truth and Knowledge To bring a new journal into the world class literature is a great challenge, especially when the aim of the journal is to publish the high quality manuscripts. This is as shown in the right-path progress of The Getview to going to the excellent position. Certainly, the relentless work and vision of editorial board inspires The Getview track, beside their helpful reviews given to assist authors in improving the manuscripts. The mission of the journal will not change: We seek to publish the best work that bridges the interests of two or more communities in engineering and technology. Due to become a great journal recognized is not only where the authors choose to send their most exciting findings, but also on the application and practicable approaches by many ways in which a study can fulfill this criterion, then some work bridges different literatures to transform a question and its importance to the field related with value interdisciplinary research constructed is also the reasons to value the best research of any kind. Hence, by emphasizing on the developing of knowledge, The Getview would like to invite you to participate in the next volume publication by submitting your most important research and encouraging your colleagues to submit the quality manuscripts to us. Regardless the manuscript is accepted or not, one of the great benefits The Getview can provide to the prospective author(s) is mentoring nature of our review process.

Prof. Ahmad Mujahid Ahmad Zaidi, PhD. Chief Editor The Global Engineers and Technologists Review


CONTENTS Vol.3, No.1, 2013 1.

DEVELOPMENT AND IMPLEMENTATION OF AUTOMATED ONLINE ACCESS MONITORING FOR SERVICE AVAILABILITY FOR POINT-TO-POINT COMMUNICATION SYSTEM WAGUCHU, G., NDERU, J. and KONDITI, D.B.

6.

A COMPARATIVE STUDY OF PRIVACY POLICY IMPLEMENTATION IN SAUDI ARABIAN UNIVERSITIES AND TOP 10 UNIVERSITIES OF THE WORLD ALHOMOD, S.M. and SHAFI, M.M.

© 2013 GETview Limited. All right reserved

ISSN 2231-9700 (online)


GLOBAL ENGINEERS & TECHNOLOGISTS REVIEW www.getview.org

DEVELOPMENT AND IMPLEMENTATION OF AUTOMATED ONLINE ACCESS MONITORING FOR SERVICE AVAILABILITY FOR POINT-TO-POINT COMMUNICATION SYSTEM WAGUCHU1, G., NDERU2, J. and KONDITI3, D.B. 1, 2, 3

Department of Telecommunications and Information Engineering Jomo Kenyatta University of Agriculture and Technology P.O. Box 6200-00200, Nairobi, +254, KENYA 1 gwaguchu@yahoo.com 2 adjainderugac@gmail.com 3 dkonditi@mmu.ac.ke ABSTRACT

The rapid growth of the telecommunication industry in Kenya has brought with it increasing competition among service providers. Customers are increasingly focusing on quality of service and availability. The result is an emerging demand for service level guarantees from most corporate customers. Network operations teams face challenges achieving end-to-end service assurance since Service Level Agreements (SLA) are manually managed which is a labour intensive, time consuming and erroneous process. Therefore, researchers need to move from reactive management and historical SLA reporting to proactive service assurance i.e. monitors, detect, and resolve problems customer service is negatively impacted. The objectives of this study are to develop automated online access monitoring system for service availability performance and SLA reporting and to design interface for automated system for corporate SLA customers and to implement it in a realistic environment. This paper presents the results for real-time automated SLA reports for corporate customers to meet End-to-End service assurance. In conclusion, a system for automating SLA report for corporate customer has been developed, installed and report generated Keywords: Service Level Agreements, End-to-End Assurance.

1.0

INTRODUCTION

Kenya has made immense progress in the telecommunication sector following liberalization in 1997 (Poghisio, 2010) of the telecommunication industry giving, way to new entrants’ mobile network operators and service providers. Again, following liberalization of international gateway there are now many players providing telecommunications broadband access. This has made costs come down due to intense competition. Therefore, following liberalization rapid growth of the telecommunication industry has brought in price competition among service providers with customers increasingly focusing on service quality. The result is an emerging demand for service level guarantees from most corporate customers. SLAs are only significant and a key differentiator in a competitive environment. Price wars have been in Kenya’s mobile communications market since 2008, however price is no longer a factor but differentiated quality of services (QoS) is an attractive way to retain existing customers, attracting new ones (Garg et al., 2002) and achieving revenue growth. Article from Sunday Nation (Charles, 2012) reported that largest Telecommunication Service Provider in Kenya “Safaricom” scored below par in CCK quality of service report and Operators Scored average of 50 %, failing below required target of 80 %. SLA is a written agreement between Telecommunication Service Providers (TSPs) and customers that specifies in measurable terms what services the TSPs will furnish and what penalties the Service Provider will pay in the event if s/he fails to meet the Service Levels and subject to the conditions specified in this SLA (Zhang and Song, 2010). The SLA records a common understanding about services, priorities, responsibilities, guarantees, and warranties. Telecommunication Service providers in Kenya, lack automated systems and methods for determining whether the actual level service provided to a consumer of the service corresponds to the contractual SLA commitment. If a consumer of a service alleges that the actual level of service has failed to meet the contractual SLA commitment, the TSPs may need to complete an audit of various records to determine the validity of the complaint and generate report as per customer demand. Such an audit may be an onerous process conducted manually by TSPs personnel. Research carried out by Communication Commission of Kenya (CCK), (Wangusi, 2012) “report on the cellular mobile quality of service performance assessment for the 20112012 period”. -

G.L.O.B.A.L E.N.G.I .N.E. E.R.S. .& . .T.E.C. H.N.O.L.O.G.I.S.T.S R.E.V.I.E. W

1


Global Engineers & Technologists Review, Vol.3 No.1

(2013)

Additionally, records available to TSPs may lack service level measurements necessary to conduct an audit or it may be difficult to correlate measurements to the commitment. Consumers of the service are unlikely to notify TSPs regarding level of service that exceeds a contractual SLA commitment. Accordingly, TSPs may not realize when level of service exceeds a contractual commitment. Customer service departments of TSPs collect trouble tickets (or simply, tickets) regarding service issues. Tickets facilitate repairs related to service issues they identify. An aspect of this facilitation includes recording service level measurements in a ticket. This results in loss of integrity on manually managed SLA reports. In Kenya network operations teams face challenges achieving end-to-end service assurance since SLAs are manually managed as shown in the Figure 1, which is a labour intensive, time consuming and erroneous process. Having worked as SLA manager in one of the leading Kenya TSP in [Telkom-orange], it inspired this study. Business today relies heavily on the quality of services (QoS) and this is critical business services to the customers’ retention as well as wining new ones. A move must be made from reactive management and historical SLA reporting to truly proactive service assurance, in which they monitor, detect, and resolve problems in applications before customer service is impacted. In order to be competitive in the markets today, a common way of improving the effectiveness is automation of SLA reports. Without automated, Service reporting is difficult, resource and time consuming, no mapping of technical issues into financial and business impact, no “real-time” visibility into SLA compliance, no End to End service assurance and no customer centric SLA management representing the real customer experience. Current monitoring infrastructures lack appropriate solutions for adequate SLA monitoring to meet end to end service assurance. These have raised a number of open issues and challenges for researchers, engineers, and operators to devise a new system for meeting end to end service availability assurance. An important part of solution is to develop a real-time automated system SLA reporting for corporate customers to meet End to End service assurance. This will help to reduce discrepancy between customers and service providers with respect to the service levels defined in the contract.

Contract Negotiation does not leverage standards. [UC is underpinning contract and OLA [Operational Level Agreement]

Reporting is reactive. Alerting is not present

Data collection is labour intensive

Figure 1: Showing rarely are systems in place to aid with service delivery.

2.0

METHODOLOGY

Techniques to determine the end to end guaranteeing of individual corporate customer SLAs for applications being provisioned is an important management task for the TSPs. To achieve this goal, the TSP has to monitor the resource consumption behaviour and the performance of each single application differently to ensure that the agreed SLA objectives are not violated. The monitoring technique should be capable of automatically detecting outage and help resolve problems within shortest time in applications before corporate customer service is largely impacted and start complaining. Automated system was developed using wampserver, microcontroller, relay and laptop. Passive method for measuring packets was employed. The measured values were accessible by means of Simple Network Management Protocol [SNMP] gathered at managed service. 2.1 Monitoring and Reporting for Developed System Monitoring deals with how to accurately measure the contracted service (availability) that TSPs deliver to their customers. Implementing proposed system, it automatically acquired information about the service availability, runtime status and detected SLA outage scenario. Only access network availability performance status was monitored. Reporting deals with mechanisms to satisfy sophisticated customers who demand real-time reporting to confirm that they are receiving the service level they were promised. The real time data was collected at managed service using passive method, modeled and stored in mysql database. The database was updated for every outages instance data that was received. The system © 2013 GETview Limited. All rights reserved

2


Global Engineers & Technologists Review, Vol.3 No.1

(2013)

adopted Complex mapping rules consisting of predefined formulae as in Equation 1 for the calculation of specific SLA parameters using the resource metrics. Script for SLA formulation was developed for generating weekly SLA reports automatically.

(1)

2.2 Automated Technology and SLA Formulation Script Manually managed service level availability for corporate customers will be automated using wampserver. The first enabler for automated SLA management is a flexible but precise formalization of what an SLA is. The flexibility is needed since we neither completely understand nor can anticipate all possible SLAs for all the different types of web service providers. This will also help create a generic SLA management system for managing a range of different SLAs. The precision is essential so that an SLA management system can unambiguously interpret, monitor, enforce, and optimize SLAs. Using Php code Scripts for SLA formulation will be developed based on known SLA formula as given in Equation 1. 2.3 The Interface Design of Automated System for Corporate SLA Customers Computer receives information from its environment through various I/O ports. USB serial communication was chosen for this use because it is robust and is most widely applied today. Any microcontroller can be used since there is not much required from it other than to alert the computer of its presence or absence. The socket receives power from the wall outlet at 120V, AC. Power is then stepped down to 5V by the AC/DC converter. This power is then fed to a relay which switches a controller on/off. The micro-controller when switched on communicates with the computer alerting it of its presence. The computer here has the very simple task of checking for the availability or unavailability of the microcontroller and records the time that the micro-controller powers on and also when it powers off. This way the computer also records the time that the wall socket power is on or off. The prototype automated SLA reporting was been installed as a pilot implementation for a medium TSP and used to monitor SLA parameter of the SLA contracts as shown in Figure 2. Configuration was static IP address based.

socket from TSP

AC/DC converter

relay

micro-controller

computer

Figure 2: Schematic interface design for automated system for corporate SLA customer

2.3.1 Data collection To guarantee SLAs, data was collected at management system using passive method as shown in Figure 2 where most corporate customers do have their link. Measured data was stored and modeled in mysql database for generation of corporate customer SLA reports.

3.0

RESULTS AND DISCUSSION

Automated corporate SLA report (weekly) was generated by developed system as shown in Table 1, Table 2 and Table 3. Table 1 show view case in successful test-Service availability on access network .The system provided following metrics of the link: Availability status (0-link is available and 1-link unavailable) and outage. Table 2 results show availability connectivity for SLA customer while Table 3 results show availability connectivity as per client. All the outages captured were stored on database. The database was updated for every outage occurred for instance the client that was assigned userId: e30. Each SLA client was assigned with userId as

Š 2013 GETview Limited. All rights reserved

3


Global Engineers & Technologists Review, Vol.3 No.1

(2013)

shown in the tables. To generate weekly SLA report as in Table 3, the detail for clients with userId: e30 and e32, was keyed in and SLA report generation dashboard weekly option was selected. Table 1: View case in successful test-Service availability on access network.

Notification process for fault and network availability is automated. This can enable the teams to be proactive by attending to faults even before the customer is negatively impacted. Reports provided via Table 1 to customers for anytime access are a good way to convey this information and real-time views into the service quality allow customers to assure themselves of service quality. Table 2: Weekly service availability report for all clients on access network.

Table 3: Weekly service availability status for both client’s e30 and e32.

5.0

CONCLUSION

A system for automating SLA report for corporate customer was developed for early detection of outage problems. This would help service provider to resolve problems in applications before customer service is negatively impacted and begin complaining. Real time capturing of outages has been addressed rather than relying on reactive management and historical service level agreement reporting. This will reduce network down time, avoid penalties and improve customer satisfaction. On the other hand, it will be of benefit to service providers on return on investment, retaining customers and winning new ones. The system was successfully installed as a pilot implementation and used to generated service availability report. Proposed system makes reporting on SLA compliance automatic to simplifies “end-of” time periods that can otherwise be extremely rushed and error-prone.

REFERENCES [1] Poghisio, H.S. (2010): Toward Acknowledge Economy Vision 2030 National Information and Communication Technology Master plan, p.10, p.18. © 2013 GETview Limited. All rights reserved

4


Global Engineers & Technologists Review, Vol.3 No.1

(2013)

[2] Garg, R., Saran, H., Randhawa, R.S. and Singh, M. (2002): A SLA framework for QoS Provisioning and Dynamic Capacity Allocation, Quality of Service, Tenth IEEE International Workshop on , 15-17 May 2002, pp.129-137. [3] Charles, W. (2012): Safaricom Scores below Par in CCK Quality of Service Report, Sunday Nation, 23 December, p.39, p.42. [4] Zhang, S. and Song, M. (2010): An Architecture Design of Life Cycle Based SLA Management. In The 12th International Conference on Advanced Communication Technology (ICACT), Vol.2, pp.1351-1355. [5] Wangusi, F.W. (2012): Report on the Cellular Mobile Quality of Service Performance Assessment. June, http://www.CCK.go.ke/consumers/other info/quality of service .html p.1.

Š 2013 GETview Limited. All rights reserved

5


GLOBAL ENGINEERS & TECHNOLOGISTS REVIEW www.getview.org

A COMPARATIVE STUDY OF PRIVACY POLICY IMPLEMENTATION IN SAUDI ARABIAN UNIVERSITIES AND TOP 10 UNIVERSITIES OF THE WORLD ALHOMOD1, S.M. and SHAFI2, M.M. King Saud University Riyadh 11321, P.O. Box 231201, KINGDOM OF SAUDI ARABIA 1 alhomod@ksu.edu.sa 2 mmudasir@ksu.edu.sa ABSTRACT Information privacy defines the collection, usage and disclosure of the data acquired from the user by an organisation. It has been one of the areas of extended discussion over a past decade. There has been a lot of discussion and research conducted about the information privacy online. One way of ensuring privacy is the presence privacy policy page in the websites. This paper is concerned with privacy policy implementation in Saudi Arabian universities and top 10 universities of world. The top 10 universities for this study were selected on the basis of authentic ranking source and all the universities in Saudi Arabia both the government and the private ones were selected for this study. In this paper we present the result of study of privacy policy between Saudi Arabian universities and top 10 universities of world. Keywords: Websites, Privacy Policy, Data Privacy, Web Privacy, Universities, Educational Collages, Data Privacy Laws, Internet Laws, Saudi Arabia.

1.0

INTRODUCTION

Privacy is one of the most important issue concerning the user over the internet. Every website these days try to ensure that some kind of privacy is maintained over their websites. One way of ensuring privacy over websites is the presence of privacy policy in a website. A privacy policy is a statement that describes the websites policy on storing and using the information from the visitor of the website. Most websites provide a link to the privacy policy page on their website. The contents of the privacy policy depend upon the requirements of the organization as well as on the law applicable in that region and may also need to address the laws of multiple countries and their jurisdiction (Alhomod and Shafi, 2012). Privacy policy generally informs the user about the information it collects and the reasons for collecting this information. There are no standards nor requirements for privacy policy and as a reason there is no standard definition for privacy policy. The definition of privacy policy according to Experian QAS is “A privacy policy is a legally binding notice of how a company deals with a contact's (customer, prospect, employee) personal information”. Users over the internet are not willing to provide information unless they know what information is collected and used for. This makes the implementation of privacy policy extremely important. A privacy policy statement must also be easily accessible and understandable to the user (Antón et al., 2002). The presence of privacy policy has largely been associated to the e-commerce and e-market websites. Our concern is the privacy policy implementation in the educational sector websites. In this paper, our aim is to study the privacy policy application in Universities in Saudi Arabia and top 10 universities of the world. The top 10 universities were selected on the basis of rankings in “Times Higher Education World University Rankings” and “QS World University Rankings” of 2010. There was a consensus on the top 10 universities in both the rankings. The only difference being the number at which universities were placed. For example, the university placed at Number 1 in one ranking was placed at Number 6 in the other. Since a large number of students and other people log into the websites of these universities and disclose their information, it becomes necessary for these websites to implement some kind of privacy over these websites. The Paper is organized as follows. First, we will describe the background to the study. Next, we will discuss the approach undertaken in the research. Further, we will provide the results of the study. Finally, in the last section we will provide our conclusion to the study.

2.0

BACKGROUND OF STUDY

People all around the world are concerned about the information they provide over the internet. They -

G.L.O.B.A.L E.N.G.I .N.E. E.R.S. .& . .T.E.C. H.N.O.L.O.G.I.S.T.S R.E.V.I.E. W

6


Global Engineers & Technologists Review, Vol.3 No.1

(2013)

understand that the information they provide must not be used without their consent. There are numbers of surveys that support this fact. A survey conducted by Graphics, Visualization and Usability centre of the Georgia Institute of Technology found out that 69.95 % of the users were concerned providing information to the websites (Pitkow and Kehoe, 1997). A survey conducted by TRUSTe showed that 78 % of users will provide information to website if they are provided with some kind of privacy assurance (Rouse, 2005). The results of these surveys provided an important observation that the organisations that publish privacy policies online are considered trustworthy and users are less concerned about the disclosure of information over these websites. Thus having a privacy policy statement increases the user confidence in disclosing the information. Over the past decade a number of data privacy laws have been introduced in a number of countries. The European Union adopted “European privacy directive” in 1995 to regulate privacy over the internet. Some other countries like Australia, Canada and Argentina have also introduced their data privacy laws (Perkins and Markel, 2004) and (Kobra, 2002). In Us the data privacy are governed by “The Children's Online Privacy Protection Act (COPPA)”, ” The Gramm-Leach-Bliley Act”, “Health Insurance Portability and Accountability Act (HIPAA) Privacy Rules” (Perkins and Markel, 2004). In Canada data privacy is governed by “Personal Information Protection and Electronic Document Act (PIPEDA)” which is similar to the European privacy directive (Perkins and Markel, 2004). Saudi Arabia in 2001 passed “the Internet laws” which is responsible for enforcing data privacy in Saudi Arabia. There are the laws that govern every aspect of data privacy over the internet in these countries. The aim of our study is to compare the privacy policy application in Worlds top 10 universities and the universities present in Saudi Arabia. Since the world’s top 10 universities are present in the places where privacy laws are present and thus making this study extremely important and interesting.

3.0

RESEARCH METHODOLOGY 3.1 Select Website There are a total of 27 government and private universities in Saudi Arabia. In this step all the websites of the university present in Saudi Arabia were selected. The websites of the top 10 universities of the world were also selected. 3.2 Content Analysis In this step we first looked for the presence of privacy page in the website. If the privacy page was present, content analysis of the privacy statement was done. Content analysis is a research tool to derive valid inferences and concepts from the text (Earp et al., 2005). In this step the privacy statement of each website was studied to understand the level of privacy implemented by the websites. The privacy policy of each website was evaluated on the basis of the United States Federal Trade Commission's Fair Information Practice Principles (FIPs). The Fair Information Practice Principles (FIPs) are widely accepted guidelines for ensuring fair practices and is based on following core principles (Antón et al., 2002) and (Richardson et al., 2003). 3.2.1 notice / awareness Users must be informed about the information they need to disclose and how this information will be used (Antón et al., 2002; Richardson et al., 2003; Gemmell, 1997). 3.2.2 choice / consent Users should be informed about what information can be used by website for secondary purposes (Antón et al., 2002; Richardson et al., 2003; Gemmell, 1997). 3.2.3 access / participation Users providing information to the websites must be able to access it. (Antón et al., 2002; Richardson et al., 2003; Gemmell, 1997). 3.2.4 integrity / security Websites should ensure that data provided by the user is accurate. Websites must not also provide unauthorized access to the information provided by the user (Antón et al., 2002; Richardson et al., 2003; Gemmell, 1997). 3.3

Classification The last part of our research methodology was classifying the websites. Once the websites were checked for presence of privacy policy, each website was classified as: 3.3.1 privacy policy present © 2013 GETview Limited. All rights reserved

7


Global Engineers & Technologists Review, Vol.3 No.1

(2013)

A link to a separate page stating the privacy policy of website is present i.e. privacy policy is present. 3.3.2 privacy policy not present No page or link dedicated to privacy policy of website present i.e. privacy policy not present. Once the presence of privacy policy is determined in the websites, the second part of the study was to check whether the privacy policy comply with the Fair information practice principles of Notice/Awareness, choice/Consent, Access/Participation and Integrity/Security. On the basis of the presence of these principles the websites privacy policy was rated as: i) ii)

4.0

Strong : The privacy policy of website complying with any three FIP principles was classified as strong. Weak : The privacy policy of website complying with two or less than two of the four FIP principles was classified as weak.

RESULTS AND DISCUSSION

There was a huge difference in the application of privacy policy in the universities of Saudi Arabia and the top 10 universities of the world. Out of the total universities in Saudi Arabia, only 11 % had privacy policy implemented in their websites and 89 % university where those where there was no privacy policy implemented. This percentage changes dramatically when we take the case of top 10 universities of the world as shown in Figure 1(a). It was found that world’s top 10 universities have certainly better result in terms of privacy policy implementation as compared to Saudi Arabian universities. The percentage changes to 80 % where privacy policy is implemented in the websites while as 20 % of the websites had no privacy policy implemented based on Figure 2(b). This result is clearly far better in the top 10 universities of the world as compared to universities of Saudi Arabia. Privacy Pol icy Present 11%

Privacy Policy Not Present 89%

Pri vacy poli cy not Present 20% Privacy pol icy Present 80%

(a) (b) Figure 1: Privacy policy in (a) Saudi Arabian universities, (b) Top 10 universities of world.

Now, that the presence of privacy policy in the websites of Saudi Arabian universities and that of top 10 universities of the world is determined. Next part of our study is concerned with determining the status of privacy policy on the basis of fair information practices principles (FIPs). The websites privacy policy which comply to the four fundamental principles of FIPs were categorized as strong and the websites which doesn’t comply to the all four Principles of FIPs were termed as weak. The websites of Saudi Arabian universities fared better on this front as compare to top 10 universities of world. It was found that 80 % of the Saudi Arabian university websites where privacy policy was implemented has strong privacy policy in place while as 20 % of these had weak status of privacy policy as shown in Figure 2(a). In case of top 10 universities of world only 62 % of the websites where privacy policy was present had strong privacy policy implemented while as 38 % had weak privacy policy implemented as depicted in Figure 2(b).

Weak 20%

Weak 38%

Strong 80%

Strong 62%

(a) (b) Figure 2: Status of privacy policy in (a) KSA universities, (b) Top 10 universities. © 2013 GETview Limited. All rights reserved

8


Global Engineers & Technologists Review, Vol.3 No.1

(2013)

It’s also worth mentioning that in our study, we only checked for the presence privacy policy in the main website of the university. We didn’t look for the presence of privacy policy in the individual department websites of the universities. There was also couple of university websites in Saudi Arabia where privacy policy page was still under construction. We have categorized such university websites as “privacy policy not present”.

5.0

CONCLUSION AND FUTURE WORK

A lot of attention is given to information privacy these days. One way of ensuring privacy online is having the presence of privacy policy page in the website. Privacy policy page is one way of ensuring privacy by informing users about the information to be collected and its use. Organizations all around the world are using privacy policy statement to ensure information privacy in their website. There are also some companies which certify the privacy policy of your website. Keeping this thing in consideration, we conducted a survey on privacy policy implementation in Saudi Arabian universities and top 10 universities of world. As expected the top 10 universities of world fared better as compare to Saudi Arabian universities in the implementation of privacy policy in their websites. This fact can be attributed to the presence of data privacy laws in the countries where these universities are present. But, it seems that top 10 universities are less concerned about the content inside the privacy statement as the status of privacy statement was weak as compared to Saudi Arabian universities. So, the Saudi Arabian universities were better in informing the user about their privacy policy and information use. Our study was only concerned with the Saudi Arabian and top 10 universities of the world. There are a lot of areas to which this study can be extended. The study can be extended to compare the privacy policy between two countries or between different sectors in the same countries. We recommend the study to be extended to other sectors and areas.

REFERENCES [1] Antón, A.I., Earp, J.B. and Reese, A. (2002): Analyzing Website Privacy Requirements Using a Privacy Goal Taxonomy, Proceedings of the IEEE Joint International Conference on Requirements Engineering (RE’02), pp.23-31. [2] Perkins, E. and Markel, M. (2004): Multinational Data-Privacy Laws: An Introduction for IT Managers, IEEE transactions on professional communication, Vol.47, No.2, pp.85-94. [3] Pitkow, J.E. and Kehoe, C.M. (1997): Federal Trade Commission Public Workshop on Consumer Information Privacy, GVU Technical Report: GIT-GVU-97-15, pp.1-38. [4] Earp, J.B., Antón, A.I., Aiman-Smith, L. and Stufflebeam, W.H. (2005): Examining Internet Privacy Policies within the Context Of User Privacy Values, IEEE transactions on engineering management, Vol.52, No.2, pp.227-237. [5] Korba, L. (2002): Privacy in Distributed Electronic Commerce. Proceedings of the 35th Hawaii International Conference on System Sciences, pp.4017-4026. [6] Rouse, M. (2005): Privacy, in vertical data management stratagies – financial services data management, Ebook by techtarget. [7] Richardson, M., Agrawal, R. and Domingos, P. (2003): Trust management for the semantic web. In Proceedings of the 2nd International Semantic Web Conference, pp.351-368. [8] Gemmell, P.S. (1997): Tracable E cash, IEEE Spectrum, Vol.34, No.2, pp.35-37. [9] Alhomod, S.M. and Shafi, M.M. (2012): Privacy Policy in E Government Websites: A Case Study of Saudi Arabia, Computer and Information Science, Vol.5, No.2, pp.88-93.

© 2013 GETview Limited. All rights reserved

9


No 1-1, Jalan KNMP 2A, Kompleks Niaga Melaka Perdana, 75450, Ayer Keroh, Melaka, MALAYSIA.

GETview Vol3 No1 January 2013  

Global Engineers and Technologists

Read more
Read more
Similar to
Popular now
Just for you