Abstract
Privacy management is important for enterprises that handle personal data: they must deal with privacy laws and people’s expectations. Currently much of this is done by means of manual processes, which makes compliance difficult and expensive. Key enterprise requirements include automation, simplification, cost reduction and leveraging of current identity management solutions. This paper describes a suite of privacy technologies that have been developed by HP Labs, in an integrated way, to help enterprises automate the management and enforcement of privacy policies (including privacy obligations) and the process of checking that such policies and legislation are indeed complied with. Working prototypes have been implemented to demonstrate the feasibility of our approach. In particular, as a proof-of-concept, the enforcement of privacy policies and obligations has been integrated with HP identity management solutions. Part of this technology is currently under productisation. Technical details are provided along with a description of our next steps.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mont, M.C., Pearson, S., Thyne, R. (2006). A Systematic Approach to Privacy Enforcement and Policy Compliance Checking in Enterprises. In: Fischer-Hübner, S., Furnell, S., Lambrinoudakis, C. (eds) Trust and Privacy in Digital Business. TrustBus 2006. Lecture Notes in Computer Science, vol 4083. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11824633_10
DOI: https://doi.org/10.1007/11824633_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-37750-4
Online ISBN: 978-3-540-37752-8
eBook Packages: Computer Science, Computer Science (R0)