A Toolkit for Managing Enterprise Privacy Policies

11 years 10 months ago
A Toolkit for Managing Enterprise Privacy Policies
Abstract. Enterprise privacy enforcement allows enterprises to internally enforce a privacy policy that the enterprise has decided to comply to. An enterprise privacy policy often reflects different legal regulations, promises made to customers, as well as more restrictive internal practices of the enterprise. Further, it may allow customer preferences. Hence it may be authored, maintained, and audited in a distributed fashion. Our goal is to provide the tools for such management of enterprise privacy policies. The syntax and semantics is a superset of the Enterprise Privacy Authorization Language (EPAL) recently proposed by IBM. The basic definition is refinement, i.e., the question whether fulfilling one policy automatically fulfills another one. This underlies auditing of a policy against an old or new regulation or promise and transferring data into a realm with a different policy. It is also the semantic basis for composition operators. We further define such composition ope...
Michael Backes, Birgit Pfitzmann, Matthias Schunte
Added 06 Jul 2010
Updated 06 Jul 2010
Type Conference
Year 2003
Authors Michael Backes, Birgit Pfitzmann, Matthias Schunter
Comments (0)