Privacy

Our mission is to enable and encourage HP to be a leader in informational privacy technologies, solutions and practices.

What's the problem?

• People want to use their identities and privacy preferences across multiple trust domains seamlessly
• It's usually someone else that controls and manages people’s personal information; citizens, consumers and civil society groups are increasingly expressing concern about this.
• We want to make it easier and more cost-effective for organisations to comply with privacy regulations and to delight ordinary people with robust management of their personal information in accordance with their privacy-related consents and preferences.

The provision of informational privacy raises many hard technology research questions.  Amongst these are:

• How to put more rigor and personal choice into the control and management of personal information by organisations, online communities and individuals?
• How to define, manage, enforce and revoke the specific consents and privacy preferences that people express about the management of their personal information, and increase the level of assurance given them that these are respected by entities that store or use this information?
• How best to employ a mix of technologies and business processes to compel all parties that process personal information to handle it in accordance with agreed policies, and make them accountable for so doing?
• How best to assist those responsible for the design of IT systems and projects that collect, store or use personal information make the right privacy-respecting design choices, and hold them accountable for these? What technology does this require?
• How can technology support Privacy Impact Assessments and the use of Privacy By Design principles in a cost-effective manner?
• How can compliance auditing technology help? What other issues does the act of auditing raise and how can these be solved?
• How to leverage trusted computing technologies to underpin the management of personal data and its associated policies, consents and preferences? 
• How can technology and the privacy regulatory regime become better mutually supportive?  What will/should a future privacy regulatory regime look like? What are the implications for people and organisations?
• How will the issues and potential solutions evolve in a cloud environment?

What are we doing?

• Researching privacy-enhancing system architectures and middleware for:
  • Enforcement of organisations' privacy policies and individuals' consents and preferences that cover the management and processing of personal information
  • Managing the evolution of individuals' consents and preferences over their complete lifecycle, including their revocation
• Developing accountability management technology to encourage the selection of better system design choices that affect personal information, and researching the fundamental principles upon which the technology is based
• Researching how accountability, consent management and policy enforcement technologies can be best applied to the management of personal data in cloud-based service environments.
• Researching architectures and technologies to improve the trust, security and privacy available to online communities that use mobile communications systems

Much of the above work is being done with research partners in two collaborative projects. EnCoRe, part funded by the UK government, aims to make giving consent to the storage, use and sharing of personal information as reliable and easy as turning on a tap, and revoking that consent as reliable and easy as turning it off again. See www.encore-project.info. PICOS, part funded by the European Commission, investigates and addresses the trust, security and privacy aspects of mobile online communities. See www.picos-project.eu. Other work is being done in conjunction with the HP Privacy Office and also in support of business engagements with HP's enterprise customers.

This work is being done by researchers based in Bristol, UK and Princeton, New Jersey.

For more information contact: Pete Bramhall, Senior Project Manager, pete.bramhall@hp.com