A review of information privacy laws and standards for secure digital ecosystems

Information privacy is mainly concerned with the protection of personally identifiable information. Information privacy is an arduous task, in particular, in the context of complex adaptive and multi-party heterogeneous digital ecosystems. There is a need to identify and understand the relevant privacy laws and standards for designing the secure digital ecosystems. This paper presents the results of our information privacy research in digital ecosystems through the lens of local and international privacy regulations and standards. A qualitative research method was applied to review a set of identified privacy laws across the four layers of digital ecosystem. The evaluation criteria has been applied to evaluate the applicability and coverage of the selected seven information privacy laws to people, process, information and technology layers of the digital ecosystems. The research results indicate that information privacy is a critical phenomenon; however, it is not adequately addressed in the context of end-to-end digital ecosystems. It is recommended that a multi-layered privacy by design approach is required by reviewing and mapping information privacy laws and standards to design the secure digital ecosystems.