Privacy Enforcement with HP Select Access for Regulatory Compliance
Casassa Mont, Marco; Thyne, Robert; Bramhall, Pete
HPL-2005-10
Keyword(s): privacy; privacy enforcement; access control; privacy-aware access control; regulatory compliance; data governance; policy management
Abstract: Regulatory compliance is a hot topic for enterprises. The increasing number of laws, including SOX, GLB, HIPAA and various governmental directives on data protection, requires enterprises to put in place complex processes to comply with related policies. Among other things, this involves the analysis, modeling, deployment, enforcement and audit of these policies. Privacy management is a core aspect of regulatory compliance. Enterprises store large amounts of personal (confidential) data about their employees, customers and partners. Failure to comply with privacy policies can have serious consequences for their reputation and brand and have negative legal and financial impacts. Most of the solutions in this space address auditing and reporting issues. However, being able to enforce privacy policies on personal data by means of flexible, integrated and adaptive solutions is also very important: at the moment this aspect is still a green field, open to research. This paper describes work done at HP Labs to address this problem and develop a privacy-aware access control system to enforce privacy policies on personal data. A working prototype and a related demonstrator have been implemented, as a proof of concept, by leveraging the HP Select Access product: privacy policies are authored with an extended version of the HP Select Access Policy Builder (via standard plug-ins); related decisions are made by an extended version of the HP Select Access Validator (via standard plug-ins). A brand new "Data Enforcer" has been implemented and integrated with HP Select Access to enforce fine-grained privacy decisions on personal data stored in data repositories. The management of traditional access control policies is integrated with the management of privacy policies. This brings simplicity and rationalises the required set of management and enforcement tools.
36 Pages