Privacy policy enforcement in enterprises with identity management solutions

Authors:
Marco Casassa Mont;Robert Thyne
Affiliations:
(Correspd. Tel.: +44 117 3128795/ Fax: +44 117 3129250/ E-mail: marco.casassa-mont@hp.com) Hewlett-Packard Labs, Filton Road, Stoke Gifford, Bristol, BS34 8QZ, UK. E-mail: marco.casassa-mont@hp.co ...;Hewlett-Packard (Canada Co.), 901 King Street West, Toronto, M5V 3H5, Canada. E-mail: Robert.thyne@hp.com
Venue:
Journal of Computer Security - Privacy, Security and Trust (PST) Technologies: Evolution and Challenges
Year:
2008

Citing 7
Cited 2

Privacy-Enabled Services for Enterprises

DEXA '02 Proceedings of the 13th International Workshop on Database and Expert Systems Applications
A Privacy Policy Model for Enterprises

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Privacy policy enforcement in enterprises with identity management solutions

Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Platform for enterprise privacy practices: privacy-enabled management of customer data

PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Enhancing user privacy through data handling policies

DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Privacy enforcement for IT governance in enterprises: doing it for real

TrustBus'05 Proceedings of the Second international conference on Trust, Privacy, and Security in Digital Business
Towards privacy-enhanced authorization policies and languages

DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security

Using and managing multiple passwords: A week to a view

Interacting with Computers
Information privacy?!

Computer Networks: The International Journal of Computer and Telecommunications Networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

People are usually asked by enterprises to disclose their personal information to access web services and engage in business interactions. Enterprises need this information to enable their business processes. This is unlikely to change, at least in the foreseeable future. When collecting personal data, enterprises must satisfy privacy laws and policies along with addressing people's expectations on how their data should be handled. Currently much is done by means of manual processes, in particular in terms of privacy enforcement: these processes are prone to mistakes and hard to comply with. Automation can help enterprises to deal with these privacy management issues, in particular the enforcement of privacy policies on collected personal data. Enterprises have already been investing in identity management solutions: they require that approaches to automate privacy management should keep into account and leverage these solutions. This paper discusses our research and development work to automate the enforcement of privacy policies in enterprises. Our model of privacy policy enforcement is introduced along with the technical details of a related prototype, integrated (as a proof of concept) with HP Select Access, a state-of-the-art identity management solution. This technology is currently under productisation. We discuss our current results and next steps.