This Article 
 Bibliographic References 
 Add to: 
Sticky Policies: An Approach for Managing Privacy across Multiple Parties
Sept. 2011 (vol. 44 no. 9)
pp. 60-68
Siani Pearson, HP Labs, Bristol
Marco Casassa Mont, HP Labs, Bristol
Machine-readable policies can stick to data to define allowed usage and obligations as it travels across multiple parties, enabling users to improve control over their personal information. The EnCoRe project has developed such a technical solution for privacy management that is suitable for use in a broad range of domains.

1. S. Pearson, T. Sander, and R. Sharma, "Privacy Management for Global Organisations," Data Privacy Management and Autonomous Spontaneous Security, LNCS 5939, Springer, 2009, pp. 9-17.
2. Organization for Economic Cooperation and Development, "OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data," 1980;,3343,en_2649_34255_1815186_1_1_1_1,00.html .
3. S. Pearson and D. Allison, "Privacy Compliance Checking Using a Model-Based Approach," E-Business Applications for Product Development and Competitive Growth: Emerging Technologies, IGI Global, 2011, pp. 199-220.
4. G. Karjoth, M. Schunter, and M. Waidner, "Platform for Enterprise Privacy Practices: Privacy-Enabled Management of Customer Data," Proc. 2nd Workshop Privacy Enhancing Technologies (PET 02), LNCS 2482, Springer, 2002, pp. 69-84.
5. M. Casassa Mont, S. Pearson, and P. Bramhall, "Towards Accountable Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services", 2003; .
6. S. Pearson, M. Casassa Mont, and G. Kounga, "Enhancing Accountability in the Cloud via Sticky Policies," Secure and Trust Computing, Data Management and Applications, vol. 187, Springer, 2011, pp. 146-155.
7. D. Boneh and M.K. Franklin, "Identity-Based Encryption from the Weil Pairing," SIAM J. Computing, vol. 32, no. 3, 2003, pp. 586-615.
8. M. Casassa Mont, S. Pearson, and P. Bramhall, "Towards User Control and Accountable Management of Privacy and Identity Information," Proc. 8th European Symp. Research in Computer Security (ESORICS 03), LNCS 2808, Springer, 2003, pp. 146-161.
9. H.C. Pöhls, "Verifiable and Revocable Expression of Consent to Processing of Aggregated Personal Data," Proc. 10th Int'l Conf. Information and Communications Security (ICICS 08), LNCS 5308, Springer, 2008, pp. 279-293.
10. A. Shamir, "How to Share a Secret," Comm. ACM, vol. 22, no. 11, 1979, pp. 612-613.
11. Y. Zuo and T. Keefe, "Post-Release Information Privacy Protection: A Framework and Next-Generation Privacy-Enhanced Operating System," Information Systems Frontiers, vol. 9, no 5, pp. 451-467.
12. L. Perez-Freire et al., "Watermarking Security: A Survey," Trans. Data Hiding and Multimedia Security, LNCS 4300, Springer, 2006, pp. 41-72.
13. R. Bayardo and R. Agrawal, "Data Privacy through Optimal k-Anonymisation," Proc. Int'l Conf. Data Engineering (ICDE 05), IEEE CS Press, 2005, pp. 217-228.
14. S. Pearson, "Toward Accountability in the Cloud," IEEE Internet Computing, July/Aug. 2011, pp. 64-69.

Index Terms:
Security and privacy, Sticky policies, Privacy management, EnCoRe
Siani Pearson, Marco Casassa Mont, "Sticky Policies: An Approach for Managing Privacy across Multiple Parties," Computer, vol. 44, no. 9, pp. 60-68, Sept. 2011, doi:10.1109/MC.2011.225
Usage of this product signifies your acceptance of the Terms of Use.