Mastering the requirements process
Mastering the requirements process
Goal-Mining to Examine Health Care Privacy Policies
Goal-Mining to Examine Health Care Privacy Policies
Financial Privacy Policies and the Need for Standardization
IEEE Security and Privacy
A comparison of two privacy policy languages: EPAL and XACML
Proceedings of the 3rd ACM workshop on Secure web services
Formal consistency verification between BPEL process and privacy policy
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Supporting Evidence-Based Compliance Evaluation for Partial Business Process Outsourcing Scenarios
RELAW '08 Proceedings of the 2008 Requirements Engineering and Law
Towards Achieving Personalized Privacy for Location-Based Services
Transactions on Data Privacy
A Formalization of HIPAA for a Medical Messaging System
TrustBus '09 Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business
Enforcing P3P policies using a digital rights management system
PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
Simplified privacy controls for aggregated services: suspend and resume of personal data
PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
A practical generic privacy language
ICISS'10 Proceedings of the 6th international conference on Information systems security
Representing and reasoning about privacy abstractions
WISE'05 Proceedings of the 6th international conference on Web Information Systems Engineering
Towards high performance security policy evaluation
The Journal of Supercomputing
Traceable and automatic compliance of privacy policies in federated digital identity management
PET'06 Proceedings of the 6th international conference on Privacy Enhancing Technologies
Information flow control to secure dynamic web service composition
SPC'06 Proceedings of the Third international conference on Security in Pervasive Computing
Engineering Financial Enterprise Content Management Services: Integration and Control
International Journal of Systems and Service-Oriented Engineering
| Hi-index | 0.00 |
As computing becomes more ubiquitous and Internet use continues to rise, it is increasingly important for organizations to construct accurate and effective privacy policies that document their information handling and usage practices. Most privacy policies are derived and specified in a somewhat ad-hoc manner, leading to policies that are of limited use to the consumers they are intended to serve. To make privacy policies more readable and enforceable, two privacy policy specification languages have emerged, P3P and EPAL. This paper discusses a case study in which the authors systematically formalized two real and complex, healthcare website privacy statements, and measured the results against well-known requirements engineering criteria.