Enforcing purpose of use via workflows
Proceedings of the 8th ACM workshop on Privacy in the electronic society
| Hi-index | 0.00 |
Firms have long collected and used various types of data about their current and potential customers. The explosive growth of Internet-enabled technologies presents a significant opportunity in this arena; however, both consumer sentiment and governmental regulation are quickly increasing the need for tools to manage the privacy of this data. The World Wide Web Consortium (W3C) has developed the Platform for Privacy Preferences Project (P3P) to address this need. One of the most serious gaps in P3P regards the enforcement of the privacy policies set forth by firms and agreed to by consumers. Few automated enforcement solutions exist, and their auditability is limited. The Privacy Aware Database Interface (PADI) provides a platform with which firms can ensure that the use of data collected by their Internet-enabled systems is compliant with the policies under which it was collected. PADI acts as a gatekeeper which requires that programs requesting data provide the purpose for which they will use that data. It then allows or denies access to the data according to the P3P privacy policy under which the data was collected. By presenting a uniform application programming interface (API) for this access, PADI provides auditing capability at the source code level. Primarily a research project, PADI has been implemented in limited prototype form, using Java Database Connectivity (JDBC) and Oracle technologies. While the prototype clearly has shortcomings, it effectively demonstrates how such a system could be successfully implemented. There are also several exciting potential enhancements that future projects may yet explore. Privacy management is a rapidly developing field of study, with great potential for tightening the relationships between firms and their customers while protecting personal information. PADI can be an effective solution for one part of that puzzle.