Abstract
Protecting the privacy of individuals demands that special care be taken in handling an individual's personal information. Either the system should store little or no user data, or, where data must be stored, it should protect access to that data. A common approach to protecting personally identifiable information (PII) in a privacy-aware system is to associate with the PII a set of purposes that indicates the enterprise's use of the data.
Purposes placed in a hierarchical structure (such as a lattice) can subsume each other, which can provide flexibility in customising a privacy agreement. This article considers the customisation of privacy agreements using purposes placed in a lattice. In particular, minimal acceptance levels, maximal acceptance levels, and the validation and invalidation of agreements with respect to purpose lattices are introduced.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
van Staden, W., Olivier, M.S. (2007). Using Purpose Lattices to Facilitate Customisation of Privacy Agreements. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2007. Lecture Notes in Computer Science, vol 4657. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74409-2_22
DOI: https://doi.org/10.1007/978-3-540-74409-2_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74408-5
Online ISBN: 978-3-540-74409-2
eBook Packages: Computer Science, Computer Science (R0)