Technical Reports
HPL-2008-193
A Model-Based Privacy Compliance Checker
Pearson, Siani; Allison, Damien
HP Laboratories
HPL-2008-193
Keyword(s): privacy, e-business organization, compliance checking, modeling, governance
Abstract: Increasingly, e-business organisations are coming under pressure to be compliant to a range of privacy legislation, policies and best practice. There is a clear need for high-level management and administrators to be able to assess in a dynamic, customisable way the degree to which their enterprise complies with these. We outline a solution to this problem in the form of a model-driven automated privacy process analysis and configuration checking system. This system models privacy compliance constraints, automates the assessment of the extent to which a particular computing environment is compliant and generates dashboard-style reports that highlight policy failures. We have developed a prototype that provides this functionality in the context of governance audit; this includes the development of software agents to gather information on-the-fly regarding selected privacy enhancing technologies and other aspects of enterprise system configuration. This approach may also be tailored to enhance the assurance provided by existing governance tools.
21 Pages
Additional Publication Information: To be published in International Journal of E-Business Research (IJEBR), special issue on Privacy Technologies 2009.
External Posting Date: November 21, 2008 [Fulltext]. Approved for External Publication
Internal Posting Date: November 21, 2008 [Fulltext]