Privacy-Enabled Services for Enterprises
DEXA '02 Proceedings of the 13th International Workshop on Database and Expert Systems Applications
The Ponder Policy Specification Language
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
A Privacy Policy Model for Enterprises
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Platform for enterprise privacy practices: privacy-enabled management of customer data
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
A middleware architecture for privacy protection
Computer Networks: The International Journal of Computer and Telecommunications Networking
Obligations: Building a Bridge between Personal and Enterprise Privacy in Pervasive Computing
TrustBus '08 Proceedings of the 5th international conference on Trust, Privacy and Security in Digital Business
Accountability as a Way Forward for Privacy Protection in the Cloud
CloudCom '09 Proceedings of the 1st International Conference on Cloud Computing
A digital rights management model for healthcare
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
Enhancing privacy in cloud computing via policy-based obfuscation
The Journal of Supercomputing
Hi-index | 0.00 |
It is common practice for enterprises and other organisations to ask people to disclose their personal data in order to grant them access to services and engage in transactions. This practice is not going to disappear, at least in the foreseeable future. Most enterprises need personal information to run their businesses and provide the required services, many of whom have turned to identity management solutions to do this in an efficient and automated way. Privacy laws dictate how enterprises should handle personal data in a privacy compliant way: this requires dealing with privacy rights, permissions and obligations. It involves operational and compliance aspects. Currently much is done by means of manual processes, which make them difficult and expensive to comply with. A key requirement for enterprises is being able to leverage their investments in identity management solutions. This paper focuses on how to automate the enforcement of privacy within enterprises in a systemic way, in particular privacy-aware access to personal data and enforcement of privacy obligations: this is still open to innovation. We introduce our work in these areas: core concepts are described along with our policy enforcement models and related technologies. Two prototypes have been built as a proof of concept and integrated with state-of-the-art (commercial) identity management solutions to demonstrate the feasibility of our work. We provide technical details, discuss open issues and our next steps.