Skip to main content
Springer Nature Link
Log in

Privacy Management for Global Organizations

  • Conference paper
Data Privacy Management and Autonomous Spontaneous Security (DPM 2009, SETOP 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5939))

  • 673 Accesses

Abstract

In this paper we look at the complex area of a global outsourcing delivery model among different countries and/or organizations. In this case, privacy requirements stemming from requirements of various countries of data origin need to be honoured and taken into account during the data lifecycle. We review practical privacy management challenges arising in large, global organizations and discuss technology needed to address them. As a first example we describe the design of a privacy tool built and deployed to help an organization identify and manage privacy concerns in the context of Business Process Outsourcing (BPO). As a generalization of this technology we present an automated solution for scalable, accountable privacy management.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Hecker, M., Dillon, T.S., Chang, E.: Internet Computing Privacy Ontology Support for E-Commerce, vol. 12(2), pp. 54–61. IEEE Computer Society Press, Los Alamitos (2008)

    Google Scholar 

  2. Martimiano, L.A.F., Goncalves, M.R.P., dos Santos Moreira, E.: An ontology for privacy policy management in ubiquitous environments, NOMS, pp. 947–950. IEEE, Los Alamitos (2008)

    Google Scholar 

  3. Pearson, Sander, Sharma. Privacy Management for Global Organizations, HP-TR (2009)

    Google Scholar 

  4. Organization for Economic Co-operation and Development (OECD): Guidelines Governing the Protection of Privacy and Transborder Flow of Personal Data, OECD, Geneva (1980)

    Google Scholar 

  5. Galway Project, Plenary Session Introduction, p. 5 (April 8, 2009)

    Google Scholar 

  6. Weitzner, A., Berners-Lee, F., Hendler, S.: Information Accountability. Communications of ACM 51(6) (June 2008)

    Google Scholar 

  7. Pearson, S., Rao, P., Sander, T., Parry, A., Paull, A., Patruni, S., Dandamudi-Ratnakar, V., Sharma, P.: Scalable, Accountable Privacy Management for Large Organizations. In: INSPEC 2009. IEEE, Los Alamitos (2009)

    Google Scholar 

  8. IBM: The Enterprise Privacy Authorization Language (EPAL), EPAL specification, v1.2 (2004), http://www.zurich.ibm.com/security/enterprise-privacy/epal/

  9. OASIS: eXtensible Access Control Markup Language (XACML), http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml

  10. Cranor, L.: Web Privacy with P3P. O’Reilly & Associates, Sebastopol (2002)

    Google Scholar 

  11. Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder Policy Specification Language (2001), http://www-dse.doc.ic.ac.uk/research/policies/index.shtml

  12. IBM: Sparcle project, http://domino.research.ibm.com/comm/research_projects.nsf/pages/sparcle.index.html

  13. IBM: REALM project, http://www.zurich.ibm.com/security/publications/2006/REALM-at-IRIS2006-20060217.pdf

  14. OASIS: eContracts Specification v1.0 (2007), http://www.oasis-open.org/apps/org/workgroup/legalxml-econtracts

  15. Travis, D., Breaux, T.D., Antón, A.I.: Analyzing Regulatory Rules for Privacy and Security Requirements. IEEE Transactions on Software Engineering 34(1), 5–20 (2008)

    Article  Google Scholar 

  16. Kenny, S., Borking, J.: The Value of Privacy Engineering, JILT (2002)

    Google Scholar 

  17. Privacy and Identity Management for Europe (2008), http://www.prime-project.org.eu

  18. Russel, S., Norvig, P.: Artificial Intelligence – A Modern Approach. Prentice-Hall, Englewood Cliffs (2003)

    Google Scholar 

  19. Dicodess: Open Source Model-Driven DSS Generator, http://dicodess.sourceforge.net

  20. XpertRule: Knowledge Builder, http://www.xpertrule.com/pages/info_kb.htm

Download references

Author information

Authors and Affiliations

  1. Systems Security Lab, HP Labs, Filton Rd, Bristol, UK

    Siani Pearson

  2. Systems Security Lab, HP Labs, 5 Vaughn Dr, Princeton, USA

    Tomas Sander

  3. GBS BCP and Security Team, Wind Tunnel Rd, Bangalore, India

    Rajneesh Sharma

Authors
  1. Siani Pearson
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tomas Sander
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Rajneesh Sharma
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. TELECOM Bretagne, Campus de Rennes 2, rue de la Chataigneraie, 35512, Cesson Sevigne, Cedex, France

    Joaquin Garcia-Alfaro

  2. IIA-CSIC, Campus UAB, 08193, Bellaterra, Spain

    Guillermo Navarro-Arribas

  3. TELECOM Bretagne, 2 rue de la châtaigneraie, 35512, Cesson Sévigné Cedex, France

    Nora Cuppens-Boulahia

  4. Institut Eurécom, 2229 Route des Crêtes - BP 193, 06904, Sophia Antipolis Cedex, France

    Yves Roudier

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Pearson, S., Sander, T., Sharma, R. (2010). Privacy Management for Global Organizations. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., Roudier, Y. (eds) Data Privacy Management and Autonomous Spontaneous Security. DPM SETOP 2009 2009. Lecture Notes in Computer Science, vol 5939. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11207-2_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-11207-2_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-11206-5

  • Online ISBN: 978-3-642-11207-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics