Certainty is Absurd: Meeting Information Security Requirements in Laws on Population Genetic Databases
This paper describes the problem of determining whether plans for a population genetic database in Iceland met statutory information security requirements. It discusses the approach taken by the relevant governmental authority, which involved employing technical standards to solve the problem. By ex...
| Published in: | Medical Law International |
|---|---|
| Main Authors: | , |
| Format: | Article in Journal/Newspaper |
| Language: | English |
| Published: |
SAGE Publications
2008
|
| Subjects: | |
| Online Access: | http://dx.doi.org/10.1177/096853320800900204 http://journals.sagepub.com/doi/pdf/10.1177/096853320800900204 |
| Summary: | This paper describes the problem of determining whether plans for a population genetic database in Iceland met statutory information security requirements. It discusses the approach taken by the relevant governmental authority, which involved employing technical standards to solve the problem. By examining the background to the project, and the main challenges it faced, the paper aims to draw out insights and lessons to inform the way in which future projects are designed and governed. It reflects critically on the results of trying to meet legal requirements for information security by using technical information security standards. Particular attention is given to the founding legislation of the project, and the court case that eventually found that legislation to be unconstitutional. |
|---|