ENCORE: TOWARDS A HOLISTIC APPROACH TO PRIVACY
Nick Papanikolaou, Sadie Creese, Michael Goldsmith, Marco Casassa Mont, Siani Pearson
2010
Abstract
We make the case for an integrated approach to privacy management within organisations. Current approaches to privacy management are either too high-level, enforcing privacy of personal data using legal compliance, risk and impact assessments, or too low-level, focusing only on the technical implementation of access controls to personal data held by an enterprise. High-level approaches tend to address privacy as an afterthought in ordinary business practice, and involve ad hoc enforcement practices; low-level approaches often leave out important legal and business considerations. As part of the EnCoRe project we are developing a methodology which tries to bridge the gap between privacy risk and impact assessment and the technical management of privacy policies. We are working to define a conceptual model as a means of expressing policy requirements as well as users’ privacy preferences and as a way to bridge the gap described above. We aim to show the value of this approach in collaborative case studies (including corporate personnel management, biobanks and assisted living) in the context of the EnCoRe project.
Paper Citation
in Harvard Style
Papanikolaou N., Creese S., Goldsmith M., Casassa Mont M. and Pearson S. (2010). ENCORE: TOWARDS A HOLISTIC APPROACH TO PRIVACY. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010) ISBN 978-989-8425-18-8, pages 171-176. DOI: 10.5220/0002987501710176
in Bibtex Style
@conference{secrypt10,
author={Nick Papanikolaou and Sadie Creese and Michael Goldsmith and Marco Casassa Mont and Siani Pearson},
title={ENCORE: TOWARDS A HOLISTIC APPROACH TO PRIVACY},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)},
year={2010},
pages={171-176},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002987501710176},
isbn={978-989-8425-18-8},
}