The Community for Technology Leaders
2016 IEEE Security and Privacy Workshops (SPW) (2016)
San Jose, CA, USA
May 22, 2016 to May 26, 2016
ISBN: 978-1-5090-3691-2
pp: 1-8
ABSTRACT
Widespread sharing of scientific datasets holds great promise for new scientific discoveries and great risks for personal privacy. Dataset handling policies play the critical role of balancing privacy risks and scientific value. We propose an extensible, formal, theoretical model for dataset handling policies. We define binary operators for policy composition and for comparing policy strictness, such that propositions like "this policy is stricter than that policy" can be formally phrased. Using this model, The policies are described in a machine-executable and human-readable way. We further present the Tags programming language and toolset, created especially for working with the proposed model. Tags allows composing interactive, friendly questionnaires which, when given a dataset, can suggest a data handling policy that follows legal and technical guidelines. Currently, creating such a policy is a manual process requiring access to legal and technical experts, which are not always available. We present some of Tags' tools, such as interview systems, visualizers, development environment, and questionnaire inspectors. Finally, we discuss methodologies for questionnaire development. Data for this paper include a questionnaire for suggesting a HIPAA compliant data handling policy, and formal description of the set of data tags proposed by the authors in a recent paper.
INDEX TERMS
Data handling, Cryptography, Law, Data privacy, Interviews
CITATION

M. Bar-Sinai, L. Sweeney and M. Crosas, "DataTags, Data Handling Policy Spaces and the Tags Language," 2016 IEEE Security and Privacy Workshops (SPW), San Jose, CA, USA, 2016, pp. 1-8.
doi:10.1109/SPW.2016.11
183 ms
(Ver 3.3 (11022016))