A Systematic Approach to Privacy Enforcement and Policy Compliance Checking in Enterprises

  • Conference paper
Trust and Privacy in Digital Business (TrustBus 2006)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4083)

Abstract

Privacy management is important for enterprises that handle personal data: they must deal with privacy laws and people’s expectations. Currently much of this is done by means of manual processes, which makes compliance difficult and expensive. Key enterprise requirements include automation, simplification, cost reduction and leveraging of current identity management solutions. This paper describes a suite of privacy technologies that have been developed by HP Labs, in an integrated way, to help enterprises automate the management and enforcement of privacy policies (including privacy obligations) and the process of checking that such policies and legislation are indeed complied with. Working prototypes have been implemented to demonstrate the feasibility of our approach. In particular, as a proof of concept, the enforcement of privacy policies and obligations has been integrated with HP identity management solutions. Part of this technology is currently under productisation. Technical details are provided along with a description of our next steps.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mont, M.C., Pearson, S., Thyne, R. (2006). A Systematic Approach to Privacy Enforcement and Policy Compliance Checking in Enterprises. In: Fischer-Hübner, S., Furnell, S., Lambrinoudakis, C. (eds) Trust and Privacy in Digital Business. TrustBus 2006. Lecture Notes in Computer Science, vol 4083. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11824633_10

  • DOI: https://doi.org/10.1007/11824633_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-37750-4

  • Online ISBN: 978-3-540-37752-8

  • eBook Packages: Computer Science (R0)