A Privacy Policy Model for Enterprises

CC
CSFW
2002
15th IEEE Computer Security Foundations Workshop (CSFW'02)
Abstract - A Privacy Policy Model for Enterprises

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Günter Karjoth Articles by Matthias Schunter

15th IEEE Computer Security Foundations Workshop (CSFW'02)

Cape Breton, Nova Scotia, Canada

June 24-June 26

ISBN: 0-7695-1689-0

	ASCII Text	x
	Günter Karjoth, Matthias Schunter, "A Privacy Policy Model for Enterprises," Computer Security Foundations Workshop, IEEE, pp. 271, 15th IEEE Computer Security Foundations Workshop (CSFW'02), 2002.

	BibTex	x
	@article{ 10.1109/CSFW.2002.1021821, author = {Günter Karjoth and Matthias Schunter}, title = {A Privacy Policy Model for Enterprises}, journal ={Computer Security Foundations Workshop, IEEE}, volume = {0}, year = {2002}, issn = {1063-6900}, pages = {271}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSFW.2002.1021821}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Foundations Workshop, IEEE TI - A Privacy Policy Model for Enterprises SN - 1063-6900 SP EP A1 - Günter Karjoth, A1 - Matthias Schunter, PY - 2002 KW - null VL - 0 JA - Computer Security Foundations Workshop, IEEE ER -

Günter Karjoth, IBM Research

Matthias Schunter, IBM Research

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSFW.2002.1021821

Privacy is an increasing concern in the marketplace. Although enterprises promise sound privacy practices to their customers, there is no technical mechanism to enforce them internally. In this paper; we describe a privacy policy model that protects personal data from privacy violations by means enforcing enterprise-wide privacy policies. By extending Jajodia et al. Flexible Authorization Framework (FAF) with grantors and obligations, we create a privacy control language that includes user consent, obligations, and distributed administration. Conditions impose restrictions on the use of the collected data, such as modeling guardian consent and options. Access decisions are extended with obligations, which list a set of activities that must be executed together with the access request. Grantors allow to define a separation of duty between the security officer and the privacy officer.

Citation:

Günter Karjoth, Matthias Schunter, "A Privacy Policy Model for Enterprises," csfw, pp.271, 15th IEEE Computer Security Foundations Workshop (CSFW'02), 2002

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.