We present the challenges facing businesses that wish to outsource processes to service providers who must maintain regulatory compliance via data access control procedures. We argue that it is not currently possible to capture the necessary agreements, and supporting evidence, pertaining to the usage of data a client may send to a service provider. As a result, the richness of evidence and controls available to a client is reduced when it chooses to use an outsourcer, which lessens the business value of considering service outsourcing. The paper introduces a model to clarify these issues, which is implemented against a health-care scenario, to show how data usage in an outsourcing scenario can be better captured and controlled.