privacy, e-business organization, compliance checking, modeling, governance Increasingly, e-business organisations are coming under pressure to be compliant to a range of privacy legislation, policies and best practice. There is a clear need for high-level management and administrators to be able to assess in a dynamic, customisable way the degree to which their enterprise complies with these. We outline a solution to this problem in the form of a model-driven automated privacy process analysis

more »

... and configuration checking system. This system models privacy compliance constraints, automates the assessment of the extent to which a particular computing environment is compliant and generates dashboard-style reports that highlight policy failures. We have developed a prototype that provides this functionality in the context of governance audit; this includes the development of software agents to gather information on-the-fly regarding selected privacy enhancing technologies and other aspects of enterprise system configuration. This approach may also be tailored to enhance the assurance provided by existing governance tools. Abstract. Increasingly, e-business organisations are coming under pressure to be compliant to a range of privacy legislation, policies and best practice. There is a clear need for high-level management and administrators to be able to assess in a dynamic, customisable way the degree to which their enterprise complies with these. We outline a solution to this problem in the form of a modeldriven automated privacy process analysis and configuration checking system. This system models privacy compliance constraints, automates the assessment of the extent to which a particular computing environment is compliant and generates dashboard-style reports that highlight policy failures. We have developed a prototype that provides this functionality in the context of governance audit; this includes the development of software agents to gather information on-the-fly regarding selected privacy enhancing technologies and other aspects of enterprise system configuration. This approach may also be tailored to enhance the assurance provided by existing governance tools.