A Privacy Policy Model for Enterprises
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
A privacy-enhanced attribute-based access control system
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security
Privacy inspection and monitoring framework for automated business processes
WISE'07 Proceedings of the 8th international conference on Web information systems engineering
A dynamic privacy model for web services
Computer Standards & Interfaces
| Hi-index | 0.00 |
Privacy management is important for enterprises that collect, store, access and disclose personal data. Among other things, the management of privacy includes dealing with privacy obligations that dictate duties and expectations an enterprise has to comply with, in terms of data retention, deletion, notice requirements, etc. This is still a green area open to research and innovation: it is about enabling privacy-aware information lifecycle management. This paper provides an overview of the work we have done in this space: definition of an obligation management model and a related framework; implementation of a prototype of an obligation management system integrated both in the context of the PRIME project and with an HP identity management solution. This paper then focuses on an important open issue: how to make our approach scalable, in case large amounts of personal data have to be managed. Thanks to our integration work and the feedback we received, we learnt more about how users and enterprises are likely to deal with privacy obligations. We describe these findings and how to leverage them. Specifically, in the final part of this paper we introduce and discuss the concepts of parametric obligation and “hybrid” obligation management and how this can improve the scalability and flexibility of our system. Our work is in progress. Further research and development is going to be done in the context of the PRIME project and an HP Labs project.