A Systematic Approach to Privacy Enforcement and Policy Compliance Checking in Enterprises
نویسندگان
چکیده
Privacy management is important for enterprises that handle personal data: they must deal with privacy laws and people’s expectations. Currently much is done by means of manual processes, which make them difficult and expensive to comply. Key enterprises’ requirements include: automation, simplification, cost reduction and leveraging of current identity management solutions. This paper describes a suite of privacy technologies that have been developed by HP Labs, in an integrated way, to help enterprises to automate the management and enforcement of privacy policies (including privacy obligations) and the process of checking that such policies and legislation are indeed complied with. Working prototypes have been implemented to demonstrate the feasibility of our approach. In particular, as a proof-of-concept, the enforcement of privacy policies and obligations has been integrated with HP identity management solutions. Part of this technology is currently under productisation. Technical details are provided along with a description of our next steps.
منابع مشابه
A Systemic Approach to Automate Privacy Policy Enforcement in Enterprises
It is common practice for enterprises and other organisations to ask people to disclose their personal data in order to grant them access to services and engage in transactions. This practice is not going to disappear, at least in the foreseeable future. Most enterprises need personal information to run their businesses and provide the required services, many of whom have turned to identity man...
متن کاملExtending HP Identity Management Solutions to Enforce Privacy Policies and Obligations for Regulatory Compliance by Enterprises
This paper describes issues and requirements related to privacy management as an aspect of improved governance in enterprises. It focuses on the privacy enforcement aspect, in particular related to privacy-aware access control and enforcement of privacy obligations: this is still a green field and, at the same time, is a key aspect to be taken into account to ensure compliance both with regulat...
متن کاملAn Algebra for Composing Enterprise Privacy Policies
Enterprise privacy enforcement allows enterprises to internally enforce a privacy policy that the enterprise has decided to comply to. To facilitate the compliance with different privacy policies when several parts of an organization or different enterprises cooperate, it is crucial to have tools at hand that allow for a practical management of varying privacy requirements. We propose an algebr...
متن کاملPrivacy Enforcement with HP Select Access for Regulatory Compliance
Regulatory compliance is a hot topic for enterprises. The increasing number of laws, including SOX, GLB, HIPAA and various governmental directives on data protection require enterprises to put in place complex processes to comply with related policies. Among other things, this involves the analysis, modeling, deployment, enforcement and audit of these policies. Privacy management is a core aspe...
متن کاملPrivacy Enforcement and Accountability with Semantics (peas2007) Iswc 2007 Sponsor Workshop Motivation and Goal beyond Secrecy: New Privacy Protection Strategies for the World Wide Web Semantic-driven Enforcement of Rights Delegation Policies via the Combination of Rules and Ontologies
We show that the semantic formal model for Open Digital Right Language (ODRL)-based rights delegation policies can be enforced and expressed as a combination of ontologies and rules, e.g., Semantic Web Rule Language (SWRL). Based on ODRL’s expressions and data dictionary, a rights delegation ontology is proposed in this study. Furthermore, we express the rights delegation policy as a set of ont...
متن کامل