52,808 Hits in 3.4 sec

A privacy policy model for enterprises

G. Karjoth, M. Schunter
Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15  
In this paper, we describe a privacy policy model that protects personal data from privacy violations by means of enforcing enterprise-wide privacy policies. By extending Jajodia et al.'  ...  Privacy is an increasing concern in the marketplace. Although enterprises promise sound privacy practices to their customers, there is no technical mechanism to enforce them internally.  ...  The members of IBM's Enterprise Privacy Architecture team were a valuable source not only of stringent requirements for but also solid expertise on data privacy.  ... 
doi:10.1109/csfw.2002.1021821 dblp:conf/csfw/KarjothS02 fatcat:sugnpq5inffnnhlutihqaeubfu

An Empirical Study of Platform Enterprises' Privacy Protection Behaviors Based on fsQCA

Yaojia Tang, Luna Wang, Rutvij Jhaveri
2022 Security and Communication Networks  
a high level of protection and two configuration conditions were associated with enterprises formulating a privacy policy with a low level of protection.  ...  Using a fuzzy set qualitative comparative analysis of Chinese listed platform enterprises, we found that three configuration conditions were associated with enterprises formulating a privacy policy with  ...  He Cui for providing a professional legal evaluation of the privacy policies. is work was supported by the Key Project of the National Social Science Fund of China (Grant no. 19AJY004), Department of Education  ... 
doi:10.1155/2022/9517769 fatcat:p6dbu65xyrab5l6w3frmdabh3y

Designing privacy policies for adopting RFID in the retail industry

Haifei Li, P.C.K. Hung, Jia Zhang, D. Ahn
2005 2005 IEEE International Conference on Services Computing (SCC'05) Vol-1  
In this paper, we propose a role-based, enterprise-level, RFID-oriented privacy authorization model for supporting the privacy policies in utilizing RFID in retail industry.  ...  an enterprise-wide privacy policy for managing and enforcing individual privacy preferences.  ...  We implemented the core privacy policies in our model utilizing essential constructs of Enterprise Privacy Authorization Language (EPAL).  ... 
doi:10.1109/scc.2005.44 dblp:conf/IEEEscc/LiHZA05 fatcat:t6dcrdecpzc5dbedmhcb4na36a

A Systemic Approach to Automate Privacy Policy Enforcement in Enterprises [chapter]

Marco Casassa Mont, Robert Thyne
2006 Lecture Notes in Computer Science  
A key requirement for enterprises is being able to leverage their investments in identity management solutions.  ...  We introduce our work in these areas: core concepts are described along with our policy enforcement models and related technologies.  ...  The main aspects of this model are: a) A mechanism for the explicit modelling of personal data that are subject to privacy policies: this mechanism provides a description of data including the type of  ... 
doi:10.1007/11957454_7 fatcat:eb44saf5t5dafcnfslw2fwpvtu

A roadmap for comprehensive online privacy policy management

Annie I. Antón, Elisa Bertino, Ninghui Li, Ting Yu
2007 Communications of the ACM  
Enterprises need mechanisms to ensure that their systems are compliant with both the policies they articulate and law.  ...  Moreover, they need to understand how to specify, deploy, communicate and enforce privacy policies.  ...  Enterprise Side: To support the complete life-cycle of a privacy policy, the framework's enterprise side is organized according to a three-tier model.  ... 
doi:10.1145/1272516.1272522 fatcat:optjvlmf2zg4pllr2nm4ll7tza

Privacy Issues of Applying RFID in Retail Industry

Haifei Li, Patrick C.K. Hung, Jia Zhang, David Ahn
2006 International Journal of Cases on Electronic Commerce  
In this study, we analyze the potential privacy issue of RFID utilization, and we propose a privacy authorization model aiming for precisely defining RFID privacy policies for the retail industry.  ...  With the dramatic price drop of RFID tags, it is possible that RFID be applied to individual items sold by a retailer. However, the RFID technology poses critical privacy challenges.  ...  Acknowledgement This research is partly funded by a discovery grant (NSERC PIN: 290666) from the Natural Science and Engineering Research Council (NSERC) of Canada.  ... 
doi:10.4018/jcec.2006070103 fatcat:4bwujqqcqfazrov23b2apc3xoq

A Model-Based Privacy Compliance Checker

Siani Pearson, Damien Allison
2009 International Journal of E-Business Research  
privacy, e-business organization, compliance checking, modeling, governance Increasingly, e-business organisations are coming under pressure to be compliant to a range of privacy legislation, policies  ...  There is a clear need for high-level management and administrators to be able to assess in a dynamic, customisable way the degree to which their enterprise complies with these.  ...  The model shown in Figure 4 focuses on assessing the deployment of a particular privacy policy enforcement system which is targeted at allowing both user preferences and enterprise policies to be taken  ... 
doi:10.4018/jebr.2009040104 fatcat:hp2shyemm5cipinrc2qlbiuxtu

Privacy management system using social networking

Ronggong Song, Larry Korba, George Yee
2007 2007 IEEE International Conference on Systems, Man and Cybernetics  
workflow models, and support automated privacy management within an organization.  ...  In this paper, we expose the limitations of existing privacy management systems, and present a privacy management system that exploits social network analysis, which can automatically discover the privacy-related  ...  subject and enterprise privacy administrator to manage their privacy policies.  ... 
doi:10.1109/icsmc.2007.4414220 dblp:conf/smc/SongKY07 fatcat:pps6nzqvu5eftjszhc22paacva

A Conceptual Model for Privacy Policies with Consent and Revocation Requirements [chapter]

Marco Casassa Mont, Siani Pearson, Sadie Creese, Michael Goldsmith, Nick Papanikolaou
2011 IFIP Advances in Information and Communication Technology  
This paper proposes a conceptual model for privacy policies that takes into account privacy requirements arising from different stakeholders, with legal, business and technical backgrounds.  ...  A consent and revocation policy is different from a privacy policy in that it defines not enterprise practices with regards to personal data, but more specifically, for each item of personal data held  ...  Our future work will seek to validate and refine our conceptualisation of a policy hierarchy, specifically with a view to ensuring that our conceptual model for privacy policy is rich enough to cater for  ... 
doi:10.1007/978-3-642-20769-3_21 fatcat:zyj76lcy7rawjn3hkpl2weaiwa


2007 International journal of software engineering and knowledge engineering  
the Tropos modeling framework where tools are available for checking the correctness and consistency of privacy requirements.  ...  We propose a procedure for automatically extracting privacy requirements from databases supporting access control mechanisms for personal data (hereafter Hippocratic databases) and representing them in  ...  Firstly, it provides a representation of the enterprise privacy policy in a modeling framework where formal tools are available for model checking (see Ref. 16 ).  ... 
doi:10.1142/s0218194007003239 fatcat:bbafhllbazhifixn5x2cfnuwce

Towards standardized Web services privacy technologies

P.C.K. Hung, E. Ferrari, B. Carminati
2004 Proceedings. IEEE International Conference on Web Services, 2004.  
Web services are based on a set of  ...  A Web service is defined as an autonomous unit of application logic that provides either some business functionality or information to other applications through an Internet connection.  ...  For example, an enterprise A's privacy policy can refer to a vocabulary defined by an enterprise B.  ... 
doi:10.1109/icws.2004.1314737 dblp:conf/icws/HungFC04 fatcat:j7e6rt7tunfzzhoscoeed4xzt4

A Methodology for Eliciting Data Privacy Requirements and Resolving Conflicts

2019 International journal of recent technology and engineering  
To ensure privacy compliance with legal policies, enterprise privacy principles and expectations of customers, the system design should consider the privacy requirements emanating from all these sources  ...  Privacy is one of the major concerns of data protection where personal data of individuals are used by enterprises for providing services.  ...  The number of policies of an enterprise can be numerous but for our purpose two small example sets of privacy policies of a university are considered as legal privacy requirements and enterprise privacy  ... 
doi:10.35940/ijrte.d9049.118419 fatcat:jbm2m7e2lfetndysi2qvrmr7c4

Privacy Is Linking Permission to Purpose [chapter]

Fabio Massacci, Nicola Zannone
2006 Lecture Notes in Computer Science  
We advocate another model that is closer to the "physical" world: we consider our privacy respected when our personal data is used for the purpose for which we gave it in the first place.  ...  The last years have seen a peak in privacy related research. The focus has been mostly on how to protect the individual from being tracked, with plenty of anonymizing solutions.  ...  EPAL aims at formalizing enterprise-internal privacy policies. This requires a vocabulary that formalizes the privacy relevant aspects of an enterprise.  ... 
doi:10.1007/11861386_20 fatcat:fcp26gp4bbhknehime2n6aylqm

A Forensic Framework for Handling Information Privacy Incidents [chapter]

Kamil Reddy, Hein Venter
2009 IFIP Advances in Information and Communication Technology  
This paper presents a framework designed to assist enterprises in implementing a forensic readiness capability for information privacy incidents.  ...  In particular, the framework provides guidance for specifying high-level policies, business processes and organizational functions, and for determining the device-level forensic procedures, standards and  ...  Privacy policies in the framework are split into an internal privacy policy for employees of the enterprise (Block H9) and privacy policies for data subjects (Block H10).  ... 
doi:10.1007/978-3-642-04155-6_11 fatcat:3ozomeas4fhanpv3lwh5cknsty

Securing B2B Pervasive Information Sharing between Healthcare Providers: Enabling the Foundation for Evidence based Medicine

Rajesh Vargheese, Prashant Prabhudesai
2014 Procedia Computer Science  
Evidence based Medicine is emerging as a key process in Health care to enable insights driven quality care for individual patients.  ...  The old methods of securing enterprises using perimeter defense models are likely to fall short; hence new innovative methods such as dynamic learning threat defense systems that perform rapid detection  ...  As more and more people get access to the data, trust becomes a concern since privacy safeguards and policies differ from enterprise to enterprise.  ... 
doi:10.1016/j.procs.2014.08.078 fatcat:7hrjahtopvb33e6e67kpjbwtzm
« Previous Showing results 1 — 15 out of 52,808 results