A Privacy Policy Model for Enterprises



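\begin{bibtex} @inproceedings{Karjoth-Schunter-02,
  author    = {Karjoth, G{\"u}nter and Schunter, Matthias},
  title     = {A Privacy Policy Model for Enterprises},
  booktitle = {{CSFW} '02: Proceedings of the 15th {IEEE} workshop on
               Computer Security Foundations},
  year      = {2002},
  isbn      = {0-7695-1689-0},
  pages     = {271},
  publisher = {IEEE Computer Society},
  address   = {Washington, DC, USA},
  abstract  = {Privacy is an increasing concern in the marketplace.
               Although enterprises promise sound privacy practices to their
               customers, there is no technical mechanism to enforce them internally.
               In this paper, we describe a privacy policy model that protects
               personal data from privacy violations by means of enforcing
               enterprise-wide privacy policies. By extending Jajodia et al.'s Flexible
               Authorization Framework (FAF) with grantors and obligations, we create
               a privacy control language that includes user consent, obligations,
               and distributed administration. Conditions impose restrictions on the
               use of the collected data, such as modeling guardian consent and
               options. Access decisions are extended with obligations, which list a
               set of activities that must be executed together with the access
               request. Grantors allow to define a separation of duty between the
               security officer and the privacy officer.},
  topic     = {Privacy},
}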

\end{bibtex}
