
Privacy Enforcement for IT Governance in Enterprises: Doing It for Real

  • Conference paper
Trust, Privacy, and Security in Digital Business (TrustBus 2005)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3592)

Abstract

This paper describes issues and requirements related to privacy management as an aspect of improved governance in enterprises. Most of the existing related technical work is based on auditing and reporting mechanisms. The focus of this paper is on privacy enforcement for personal data: this is still a green field. To enforce the execution of privacy policies, requests to access personal data need to be checked against data requestors’ rights and intents, data subjects’ consent and the stated data purposes. Being able to automate and simplify the enforcement of privacy and reduce the involved costs is important for enterprises. We describe our approach and compare it against related work. In particular, we discuss our work done to add privacy-aware access control capabilities to HP Select Access – a leading-edge access control solution. A prototype has been implemented as a proof of concept. Current results, open issues and next steps are discussed.




Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mont, M.C., Thyne, R., Bramhall, P. (2005). Privacy Enforcement for IT Governance in Enterprises: Doing It for Real. In: Katsikas, S., López, J., Pernul, G. (eds) Trust, Privacy, and Security in Digital Business. TrustBus 2005. Lecture Notes in Computer Science, vol 3592. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11537878_23


  • DOI: https://doi.org/10.1007/11537878_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28224-2

  • Online ISBN: 978-3-540-31796-8

  • eBook Packages: Computer Science, Computer Science (R0)
