Abstract
The management and enforcement of privacy obligations is a challenging task: it involves legal, organizational, behavioral and technical aspects. This area is relevant for enterprises and government agencies that deal with personal identity information. Privacy and data protection laws already regulate some of the related aspects. Technical work has been done for the management of obligations subordinated to authorization aspects and simple data retention obligations: however, dealing with ongoing and long-term aspects of obligations is still a green field and open to research. This paper explores and analyses the explicit management of privacy obligations for identity information. It focuses on technical aspects even if the problem cannot be solved only by deploying technological solutions. Mechanisms are required to represent, manage, monitor and enforce obligation policies in complex and heterogeneous environments. Our research is work in progress: we illustrate some of our technical work and investigations in this space.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Laurant, C.: Privacy International: Privacy and Human Rights 2003: an International Survey of Privacy Laws and Developments, Electronic Privacy Information Center (EPIC), Privacy International (2003), http://www.privacyinternational.org/survey/phr2003/
OECD: OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980), http://www1.oecd.org/publications/e-book/9302011E.PDF
Online Privacy Alliance: Guidelines for Online Privacy Policies. Online Privacy Alliance (2004), http://www.privacyalliance.org/
Karjoth, G., Schunter, M.: A Privacy Policy Model for Enterprises. In: 15th IEEE Computer Foundations Workshop, IBM Research, Zurich (2002)
Karjoth, G., Schunter, M., Waidner, M.: Platform for Enterprise Privacy Practices: Privacyenabled Management of Customer Data. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 69–84. Springer, Heidelberg (2003)
Schunter, M., Ashley, P.: The Platform for Enterprise Privacy Practices. IBM Zurich Research Laboratory (2002)
Karjoth, G., Schunter, M., Waidner, M.: Privacy-enabled Services for Enterprises. IBM Zurich Research Laboratory, TrustBus 2002 (2002)
IBM: The Enterprise Privacy Authorization Language (EPAL), EPAL 1.1 specification. IBM (2004), http://www.zurich.ibm.com/security/enterprise-privacy/epal/
Casassa Mont, M., Pearson, S., Bramhall, P.: Towards Accountable Management of Privacy and Identity Information. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 146–161. Springer, Heidelberg (2003)
IBM: IBM Tivoli Storage Manager for Data Retention (2004)
Bettini, C., Jajodia, S., Sean Wang, X., Wijesekera, D.: Obligation Monitoring in Policy Management (2002)
Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder Policy Specification Language (2001)
Housley, R., Ford, W., Polk, W., Solo, D.: RFC2459: Internet X.509 Public Key Infrastructure Certificate and CRL profile. IETF (1999)
Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic Databases. IBM Almaden Research Center (2002)
Anderson, R.J.: The Eternity Service. In: Proc. PRAGO-CRYPT 1996, CTU Publishing House, Prague (1996)
Ellison, R.J., Fisher, D.A., Linger, R.C., Lipson, H.F., Longstaff, T.A., Mead, N.R.: Survivability: Protecting your Critical Systems. In: Proceeding of the International Conference of Requirements Engineering (1998)
Kubiatowicz, J., Bibdel, D., Chen, Y., Czerwinski, S., Eaton, P., Geels, D., Gummadi, R., Rhea, D., Weatherspoon, H., Weimer, W., Wells, C., Zao, B.: OceanStore: An Architecture for Global Scale Persistent Storage. In: ASPLOS 2000, University of California, Berkeley (2000)
Neumann, P.G.: Practical Architectures for Survivable Systems and Networks. SRI International, Army Research Lab (1999)
Wylie, J.J., Bigrigg, M.W., Strunk, J.D., Ganger, G.R., Kiliccote, H., Khosia, P.K.: Survivable Information Storage Systems. IEEE Computer (2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Casassa Mont, M. (2004). Dealing with Privacy Obligations: Important Aspects and Technical Approaches. In: Katsikas, S., Lopez, J., Pernul, G. (eds) Trust and Privacy in Digital Business. TrustBus 2004. Lecture Notes in Computer Science, vol 3184. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30079-3_13
Download citation
DOI: https://doi.org/10.1007/978-3-540-30079-3_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22919-3
Online ISBN: 978-3-540-30079-3
eBook Packages: Springer Book Archive