TOWARDS DATA PROTECTION COMPLIANCE

Nicola Zannone, Milan Petkovič, Sandro Etalle

2010

Abstract

Privacy and data protection are fundamental issues nowadays for every organization. This paper calls for the development of methods, techniques and infrastructure to allow the deployment of privacy-aware IT systems, in which humans are an integral part of the organizational processes and accountable for their possible misconduct. In particular, we discuss the challenges to be addressed in order to improve organizations' privacy practices, as well as the approach to ensure compliance with legal requirements and increasing efficiency.



Paper Citation


in Harvard Style

Zannone N., Petkovič M. and Etalle S. (2010). TOWARDS DATA PROTECTION COMPLIANCE. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010) ISBN 978-989-8425-18-8, pages 213-216. DOI: 10.5220/0002981802130216


in Bibtex Style

@conference{secrypt10,
author={Nicola Zannone and Milan Petkovič and Sandro Etalle},
title={TOWARDS DATA PROTECTION COMPLIANCE},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)},
year={2010},
pages={213-216},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002981802130216},
isbn={978-989-8425-18-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)
TI - TOWARDS DATA PROTECTION COMPLIANCE
SN - 978-989-8425-18-8
AU - Zannone N.
AU - Petkovič M.
AU - Etalle S.
PY - 2010
SP - 213
EP - 216
DO - 10.5220/0002981802130216