Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP

HP.com home


Technical Reports



» 

HP Labs

» Research
» News and events
» Technical reports
» About HP Labs
» Careers @ HP Labs
» People
» Worldwide sites
» Downloads
Content starts here

 
Click here for full text: PDF

Dealing with Privacy Obligations: Important Aspects and Technical Approaches

Casassa Mont, Marco

HPL-2004-34

Keyword(s): obligations; privacy; policies; enforcement; monitoring; stickiness; accountability; identity management

Abstract: The management and enforcement of privacy obligations is a challenging task: it involves legal, organizational, behavioral and technical aspects. In particular, the management of privacy obligations for identity and confidential data can require ongoing efforts, both in the short and very long term. It can be affected by events. Work has already been done for the management of obligations subordinated to authorization aspects (triggered by interactions and transactional events) and simple long-term obligations for data retention. Dealing with ongoing and long-term aspects of obligations is still a green field and open to research. This area is of particular relevance for enterprises, organizations and government agencies that deal with personal identity information. Privacy and data protection laws already dictate obligations involving ongoing and long-term constraints and duties. This paper explores and analyses the explicit management of privacy obligations for identity information by considering privacy obligations as first-class citizens. We focus on the technical aspects even if we recognize that the problem cannot be solved only by deploying technological solutions. Mechanisms are required to represent, manage, monitor and enforce obligation policies in complex and heterogeneous environments. Policy-driven scheduling mechanisms coupled with secure workflows and auditing techniques can be useful to address aspects of the problem. It is also important to be able to strongly couple these policies to confidential data, track their storage, distribution and deal with relevant events. Our research is work in progress: we illustrate some of our technical work and investigation in this space.

10 Pages

Back to Index

»Technical Reports

» 2009
» 2008
» 2007
» 2006
» 2005
» 2004
» 2003
» 2002
» 2001
» 2000
» 1990 - 1999

Heritage Technical Reports

» Compaq & DEC Technical Reports
» Tandem Technical Reports
Printable version
Privacy statement Using this site means you accept its terms Feedback to HP Labs
© 2009 Hewlett-Packard Development Company, L.P.