A Systemic Approach to Automate Privacy Policy Enforcement in Enterprises
Casassa Mont, Marco; Thyne, Robert
HPL-2006-51
Keyword(s): privacy; privacy policy enforcement; automation; data governance; identity management; privacy-aware information lifecycle management
Abstract: It is common practice for enterprises and other organisations to ask people to disclose their personal data in order to grant them access to services and engage in transactions. This practice is not going to disappear, at least in the foreseeable future. Most enterprises need personal information to run their businesses and provide the required services, and many have turned to identity management solutions to do this in an efficient and automated way. Privacy laws dictate how enterprises should handle personal data in a privacy-compliant way: this requires dealing with privacy rights, permissions and obligations. It involves operational and compliance aspects. Currently much is done by means of manual processes, which makes compliance difficult and expensive. A key requirement for enterprises is being able to leverage their investments in identity management solutions. This paper focuses on how to automate the enforcement of privacy within enterprises in a systemic way, in particular privacy-aware access to personal data and enforcement of privacy obligations: this is still a green field. We introduce our work in these areas: core concepts are described along with our policy enforcement models and related technologies. Two prototypes have been built as a proof of concept and integrated with HP state-of-the-art identity management solutions to demonstrate the feasibility of our work. We provide technical details, discuss open issues and our next steps.
Notes: Robert Thyne, Hewlett-Packard, Software Business Organisation, Toronto, Canada
16 Pages