DOI: 10.1145/1052220.1052268
Article

Tracking privacy compliance in B2B networks

Published: 25 March 2004

Abstract

Governments are now enacting comprehensive legislation that regulates how organizations collect and protect sensitive data about individuals. Typically, such legislation has focused on the relationship between consumer and business to ensure proper consent is obtained, procedures exist to safeguard data, and the consumer has recourse to challenge the business. In practice, such legislation places the entire administrative burden of tracking compliance on both the consumer and the business. More significantly, the legislation does not adequately address the sharing of private information between businesses that cooperate in providing services to consumers. In this paper, we introduce the concept of an "information transfer registry" as a mechanism to track compliance in a business to business network that is complementary to existing legislation and technical standards. We show that the concept has the added benefit of reducing the administrative burden on consumers and businesses.


Published In

ICEC '04: Proceedings of the 6th international conference on Electronic commerce
March 2004
684 pages
ISBN:1581139306
DOI:10.1145/1052220
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

Sponsors

  • ICEC: International Center for Electronic Commerce

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. compliance
  2. electronic commerce
  3. information transfer registry
  4. legislation
  5. privacy
  6. standards

Qualifiers

  • Article

Acceptance Rates

Overall Acceptance Rate 150 of 244 submissions, 61%

Article Metrics

  • Downloads (Last 12 months): 8
  • Downloads (Last 6 weeks): 0

Reflects downloads up to 20 Jan 2025

Cited By

  • (2016) A view-based monitoring for usage control in web services. Distributed and Parallel Databases 34:2 (145-178). DOI: 10.1007/s10619-014-7169-3. Online publication date: 1-Jun-2016
  • (2010) Information rich monitoring of interoperating services in privacy enabled B2B networks. International Journal of Advanced Media and Communication 4:3 (258-273). DOI: 10.1504/IJAMC.2010.034660. Online publication date: 1-Aug-2010
  • (2009) Monitoring-Based Approach for Privacy Data Management. Advances in Data Management (225-247). DOI: 10.1007/978-3-642-02190-9_11. Online publication date: 2009
  • (2008) A citizen privacy protection model for e-government mashup services. Proceedings of the 2008 international conference on Digital government research (188-196). DOI: 10.5555/1367832.1367866. Online publication date: 18-May-2008
  • (2008) A Model of Trusted Data Collection for Knowledge Discovery in B2B Networks. Proceedings of the 2008 International MCETECH Conference on e-Technologies (60-69). DOI: 10.1109/MCETECH.2008.22. Online publication date: 23-Jan-2008
  • (2007) An audit trail service to enhance privacy compliance in federated identity management. Proceedings of the 2007 conference of the center for advanced studies on Collaborative research (175-187). DOI: 10.1145/1321211.1321230. Online publication date: 22-Oct-2007
  • (2007) Analysis of the Use of Privacy-Enhancing Technologies to Achieve PIPEDA Compliance in a B2C e-Business Model. Eighth World Congress on the Management of eBusiness (WCMeB 2007) (6-6). DOI: 10.1109/WCMEB.2007.35. Online publication date: Jul-2007
  • (2007) Addressing Privacy in a Federated Identity Management Network for EHealth. Eighth World Congress on the Management of eBusiness (WCMeB 2007) (12-12). DOI: 10.1109/WCMEB.2007.34. Online publication date: Jul-2007
  • (2006) A comparison of two privacy policy languages. Proceedings of the 3rd ACM workshop on Secure web services (53-60). DOI: 10.1145/1180367.1180378. Online publication date: 3-Nov-2006
