A Privacy Policy Model for Enterprises
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Privacy policy enforcement in enterprises with identity management solutions
Journal of Computer Security - Privacy, Security and Trust (PST) Technologies: Evolution and Challenges
Privacy policy enforcement in enterprises with identity management solutions
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
A systematic approach to privacy enforcement and policy compliance checking in enterprises
TrustBus'06 Proceedings of the Third international conference on Trust, Privacy, and Security in Digital Business
Hi-index | 0.00 |
This paper describes issues and requirements related to privacy management as an aspect of improved governance in enterprises. Most of the existing related technical work is based on auditing and reporting mechanisms. The focus of this paper is on privacy enforcement for personal data: this is still a green field. To enforce the execution of privacy policies, requests to access personal data need to be checked against data requestors' rights and intents, data subjects' consent and the stated data purposes. Being able to automate and simplify the enforcement of privacy and reduce the involved costs is important for enterprises. We describe our approach and compare it against related work. In particular, we discuss our work done to add privacy-aware access control capabilities to HP Select Access – a leading-edge access control solution. A prototype has been implemented as a proof of concept. Current results, open issues and next steps are discussed.