Extending HP Identity Management Solutions to Enforce Privacy Policies and Obligations for Regulatory Compliance by Enterprises
نویسندگان
چکیده
This paper describes issues and requirements related to privacy management as an aspect of improved governance in enterprises. It focuses on the privacy enforcement aspect, in particular related to privacy-aware access control and enforcement of privacy obligations: this is still a green field and, at the same time, is a key aspect to be taken into account to ensure compliance both with regulations and an enterprise’s IT governance objectives. We introduce our HP Labs work in these areas: core concepts are described along with our policy enforcement models and related technologies. Two prototypes have been built as a proof of concept to: (1) enforce privacy policies on personal data by extending HP Select Access; (2) manage and enforce privacy obligations on personal data, integrated with HP Select Identity. We describe their technical capabilities and our next steps.
منابع مشابه
A Systematic Approach to Privacy Enforcement and Policy Compliance Checking in Enterprises
Privacy management is important for enterprises that handle personal data: they must deal with privacy laws and people’s expectations. Currently much is done by means of manual processes, which make them difficult and expensive to comply. Key enterprises’ requirements include: automation, simplification, cost reduction and leveraging of current identity management solutions. This paper describe...
متن کاملPrivacy Enforcement with HP Select Access for Regulatory Compliance
Regulatory compliance is a hot topic for enterprises. The increasing number of laws, including SOX, GLB, HIPAA and various governmental directives on data protection require enterprises to put in place complex processes to comply with related policies. Among other things, this involves the analysis, modeling, deployment, enforcement and audit of these policies. Privacy management is a core aspe...
متن کاملA System to Handle Privacy Obligations in Enterprises
Privacy obligations dictate expectations and duties that need to be carried out by enterprises when storing, processing and disclosing personal data. Privacy obligations can be defined by data subjects, by laws and/or enterprises’ internal guidelines. They require enterprises to deal with data governance and data lifecycle management activities, including data retention and deletion aspects, no...
متن کاملDealing with Privacy Obligations: Important Aspects and Technical Approaches
obligations, privacy, policies, enforcement, monitoring, stickiness, accountability, identity management The management and enforcement of privacy obligations is a challenging task: it involves legal, organizational, behavioral and technical aspects. In particular, the management of privacy obligations for identity and confidential data can require ongoing efforts, both in the short and very lo...
متن کاملA Systemic Approach to Automate Privacy Policy Enforcement in Enterprises
It is common practice for enterprises and other organisations to ask people to disclose their personal data in order to grant them access to services and engage in transactions. This practice is not going to disappear, at least in the foreseeable future. Most enterprises need personal information to run their businesses and provide the required services, many of whom have turned to identity man...
متن کامل