Privacy and Utility in Business Processes

From Tetherless World Wiki

\begin{bibtex}

 @inproceedings{Barth-Mitchell-Datta-Sundaram-07,
author = {Adam Barth and John Mitchell and Anupam Datta and Sharda Sundaram},
title = {Privacy and Utility in Business Processes},
booktitle = {20th IEEE Computer Security Foundations Symposium (CSF'07)},
year = {2007},
pages = {279-294},
publisher = {IEEE Computer Society},
address = {Los Alamitos, CA, USA},
abstract = {We propose an abstract model of business processes for the
purpose of (i) evaluating privacy policy in light of the goals of the
process and (ii) developing automated support for privacy policy
compliance and audit. In our model, agents that send and receive
tagged personal information are assigned organizational roles and
responsibilities. We present approaches and algorithms for determining
whether a business process design simultaneously achieves privacy and
the goals of the organization (utility). The model also allows us to
develop a notion of minimal exposure of personal information, for a
given process. We investigate the problem of auditing with inexact
information and develop methods to identify a set of potentially
culpable individuals when privacy is breached. The audit methods draw
on traditional causality concepts to reduce the effort needed to
search audit logs for irresponsible actions.},
topic = {Privacy}
}

\end{bibtex}