
EPAL and Management of Privacy Obligations

EPAL and Management of Privacy Obligations. Marco Casassa Mont (marco.casassa-mont@hp.com), Trusted Systems Lab, Hewlett-Packard Labs, Bristol, UK. 13-14 May 2004, Lubeck, Germany. Presentation outline: HP Position on EPAL; Privacy Obligation Management and Technical Solution.


Presentation Transcript


  1. EPAL and Management of Privacy Obligations
  Marco Casassa Mont, marco.casassa-mont@hp.com
  Trusted Systems Lab, Hewlett-Packard Labs, Bristol, UK
  13-14 May 2004, Lubeck, Germany

  2. Presentation Outline
  • HP Position on EPAL
  • Privacy Obligation Management and Technical Solution leveraging EPAL
  • Additional Requirements for EPAL
  • Conclusions

  3. HP Position on EPAL
  • HP Supports the Standardisation Process of EPAL.
  • The current EPAL Version is a starting point towards a standard.
  • HP Labs are interested in Investigating and Researching the usage of EPAL in a variety of contexts, including:
    - Research Prototypes
    - Commercial Offering

  4. Using EPAL for Management of Privacy Obligations
  • Importance of dealing with Privacy Obligations:
    - Need to be compliant with Laws, Legislation, Organisations’ Guidelines, Customers’ Requests …
  • EPAL provides a framework to deal with Privacy Policies
  • HP Labs/TSL is researching in the context of Privacy Obligation Management for Enterprises:
    - Exploring how to leverage EPAL …
  • Research and work (partially) done in EU PRIME

  5. Privacy Obligations
  • Dictated by Laws, Legislation, Organisations’ Guidelines, Customers’ Requests, …
  • EU Legislation, OECD, US Laws (HIPAA, COPPA, GLB, etc.)
  • Define requirements and actions to be fulfilled by Organisations and Enterprises concerning Personal Data
  • Obligations can be very abstract: “Every financial institution has an affirmative and continuing obligation to respect customer privacy and protect the security and confidentiality of customer information” (Gramm-Leach-Bliley Act)

  6. Privacy Obligations
  • More refined Privacy Obligations dictate responsibilities with respect to Personal Information:
    - Notice Requirements
    - Enforcement of opt-out options
    - Limits on reuse of Information and Information Sharing
    - …

  7. Privacy Obligations
  • Even more refined Privacy Obligations specify “technical” constraints on Personal Information:
    - “Notify Data Owners every time their Personal Data is involved in a Transaction or Accessed by Personnel”
    - “Access/Changes to Personal Data must be Audited”
    - “Delete Personal Information after 7 Years”
    - “Delete Personal Information of Customers who do not come back to this web site within 30 days”
    - …

  8. Categories of Privacy Obligations
  “Transactional”:
  • “Notify Data Owners when their Personal Data is involved in a Transaction or is accessed by Personnel”
  • “Audit the Access/Changes to Personal Data”
  • …
  “Non-Transactional” - Ongoing Obligations:
  • “Delete Personal Information after 7 Years”
  • “Delete Personal Information of Customers that do not come back to this web site within 30 days”
  • …

  9. Privacy Obligations
  • We focus on technical aspects of Obligations (even if we recognise it is not just a matter of technology …)
  • To be technically enforceable a Privacy Obligation requires the definition of:
    - Timeframe and Period of Validity
    - Events and Situations that Trigger the Obligation
    - Target of the Obligation (PII data, etc.)
    - Actions and Tasks to be fulfilled for its Enforcement
    - Entities that are Accountable for its Enforcement
    - Accountability Criteria (logging, reporting, notification, etc.)
    - Exceptions and Special Cases
    - …

  10. Privacy Obligation Management (diagram). Labels: Interactions/Transactions Involving Personal Data; “Transactional” Privacy Obligations; Authorization Process; Ongoing and Long-term Privacy Obligations; Obligation Management and Enforcement.

  11. EPAL and Privacy Obligation Management (diagram). Labels: User, Application, Service, …; EPAL-driven Authorization and Enforcement; Obligation Management and Enforcement; Personal and Private Information; Privacy Management Framework.

  12. EPAL and Privacy Obligation Management (diagram only)

  13. Example of EPAL Rule (figure)
  Source: http://www.w3.org/Submission/2003/SUBM-EPAL-20031110/

  14. EPAL and Privacy Obligation Management
  • EPAL supports Privacy Obligations: “EPAL defines an Abstract Authorization Interface that outputs a Decision and Obligations …”
  • => There is a clear fit for “Transactional” Obligations but …
  • Is it correct to describe also “Non-Transactional” Privacy Obligations within an EPAL rule?
  • These Obligations can actually specify “First Class” Policies => Why “Embedding” them in the context of Authorization Rules?
  • These Obligations might need to be enabled and enforced independently of any Transaction or Interaction (e.g. Unconditionally Delete Personal Data XYZ after 7 years …)

  15. EPAL and HPL Privacy Obligation Management – Current Status (diagram). Labels: Interactions and Transactions Involving Personal Data; EPAL; “Transactional” Privacy Obligations; Ongoing and Long-term Privacy Obligations; Obligation Management Service.

  16. HPL Privacy Obligation Management: High-Level Architecture (diagram). Components: Obligation Monitoring Service; Events Handler; Obligation Server; Obligation Enforcer; Obligation Store & Versioning; Obligation Audit Logs; Confidential Data; Data Ref. Flows: obligation, feedback, result.

  17. HPL Privacy Obligation Management (architecture diagram). Components: Privacy Portal GUI (Authoring & Display) used by Portal Users and Admins; Applications and Services; Obligation Monitoring Service (Monitoring Task Handler, Obligation Handler, Store/Retrieve, Tracking Workflows, Events Handler, Active Obligations, Obligation Enforcer, Association Manager, Obligation Scheduler & Manager, Action Adaptors, Obligation Server); Audit Server; Information Tracker; Obligation Store & Versioning; Audit Logs; Confidential Data; Data Ref.; ENTERPRISE boundary.

  18. Open Issues [1/2]
  • Dealing with different types of Privacy Obligations:
    - using the same Language
    - Independence from the Nature of the Obligation (Transactional, Non-Transactional, …)
  • Strong Stickiness of “Obligation Policies” to Personal Data might be Required (for data transmission, etc.)
  • Provide degrees of Assurance on Obligations Enforcement and overall Accountability
  • Dealing with Trust Aspects

  19. Open Issues [2/2]
  • Dealing with Explicit Management of Conflicting Obligations, at Enforcement time:
    - Criteria can change based on the Context, Location …
    - Different priorities (on the same Rule-set) dictated by Local Legislation, Guidelines, Local Arrangements, …
    - Different rule-sets in a Policy might be “active” in different contexts …
  Note: at the moment EPAL addresses conflicts on rules via:
    - precedence, i.e. priority in the rule list
    - “delegation” to additional management tools
  => Using rule preconditions can add complexity to rules

  20. EPAL: Additional Requirements
  Goal: allow the explicit definition of Privacy Policies beyond Authorization:
  • “Non-transactional” and “Ongoing” Privacy Obligations
  • Trust Compliance Policies for Privacy
  • …
  Extend EPAL to represent different types of Privacy Policies: EPAL -> EPL

  21. EPAL: Additional Requirements
  Goal: Explicit Management of Rule/Policy selection:
  • Go beyond the current approach based on positional “precedence”
  • Ensure Portability across different Privacy Frameworks
  • Define evaluation mechanisms adaptive to Context, Localization (EU, US, …)
  • …
  Introduce “Meta-Rules” within the EPAL Language to declare:
  • How to deal with conflicting rules within a policy
  • How to select “relevant” rules

  22. EPAL: Additional Long-term Requirements
  • Extending the Expressiveness of Policy Rules to deal with:
    - Trust Constraints on Systems (Requestor, Policy Evaluator, etc.) and Entities based on Contextual Information
    - Selective Disclosure of data, for example based on the Current Level of Trust, i.e. Privacy driven by Trust
    - Accountability, for example declaring actions that require authenticated Audit and Interactions with Trusted Third Parties

  23. Conclusions
  • HP supports the Standardisation Process of EPAL
  • HP Labs are interested in Investigating and Researching the usage of EPAL, including leveraging EPAL for Privacy Obligation Management
  • EPAL could be extended to:
    - Describe Policies/Rules that are not based on Authorisation
    - Add “Meta-Rules” to increase policy portability, explicitly address conflicts and define additional requirements
  • In the longer term EPAL could deal with trust constraints, selective disclosure and accountability

  24. BACKUP Slides

  25. Example of Technical Representation of Privacy Obligation
  <Obligations>
    <ObligationId>oblId1</ObligationId>
    <Description>Delete Confidential Data for Pseudonym: uid1</Description>
    <ObligationTriggerDescriptor>
      <Type>Event</Type>
      <SubType>TimeBasedEvent</SubType>
      <Parameters>
        <TriggerTime>
          <Year>2007</Year>
          <Month>4</Month>
          <Day>28</Day>
          <Hour>13</Hour>
          <Minute>30</Minute>
        </TriggerTime>
      </Parameters>
    </ObligationTriggerDescriptor>
    <Target>
      <DataOwner>uid1</DataOwner>
      <DataType>Database</DataType>
      <DataLocator>SELECT * FROM Customers WHERE CustomerId='uid1'</DataLocator>
    </Target>
    <Actions>
      <Action>Delete</Action>
    </Actions>
  </Obligations>
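The elements slide 9 lists for an enforceable obligation (trigger, target, action, accountability) map directly onto the XML of slide 25. The following added example, not HP Labs code, parses that document, checks its time-based trigger and records every enforcement decision in an audit list; the in-memory store, the audit list and the `when` helper are constructed stand-ins for the Confidential Data and Audit Logs components of the architecture.

```python
# Added example (not HP Labs code): parse the slide 25 obligation format, check its
# time-based trigger and enforce Delete. Store and audit list are constructed stand-ins.
import xml.etree.ElementTree as ET
from datetime import datetime

# Obligation document reproduced from slide 25 (IE "-" expand markers removed).
SAMPLE_OBLIGATION = """<Obligations>
  <ObligationId>oblId1</ObligationId>
  <Description>Delete Confidential Data for Pseudonym: uid1</Description>
  <ObligationTriggerDescriptor>
    <Type>Event</Type><SubType>TimeBasedEvent</SubType>
    <Parameters><TriggerTime>
      <Year>2007</Year><Month>4</Month><Day>28</Day>
      <Hour>13</Hour><Minute>30</Minute>
    </TriggerTime></Parameters>
  </ObligationTriggerDescriptor>
  <Target>
    <DataOwner>uid1</DataOwner><DataType>Database</DataType>
    <DataLocator>SELECT * FROM Customers WHERE CustomerId='uid1'</DataLocator>
  </Target>
  <Actions><Action>Delete</Action></Actions>
</Obligations>"""

def when(iso):  # constructed helper: datetime from an ISO 8601 string
    return datetime.fromisoformat(iso)

def parse_obligation(xml_text):
    root = ET.fromstring(xml_text)
    t = root.find("ObligationTriggerDescriptor/Parameters/TriggerTime")
    return {
        "id": root.findtext("ObligationId"),
        "subtype": root.findtext("ObligationTriggerDescriptor/SubType"),
        "trigger": datetime(*(int(t.findtext(f)) for f in ("Year", "Month", "Day", "Hour", "Minute"))),
        "owner": root.findtext("Target/DataOwner"),
        "actions": [a.text for a in root.findall("Actions/Action")],
    }

def is_due(obl, now):  # a TimeBasedEvent fires once the trigger time is reached
    return obl["subtype"] == "TimeBasedEvent" and now >= obl["trigger"]

def enforce(obl, now, store, audit):
    """Apply Delete to the store when the obligation is due; audit every decision."""
    if not is_due(obl, now):
        audit.append((now, obl["id"], "pending"))
        return False
    for action in obl["actions"]:
        if action == "Delete":  # the only action on the slide; others need adaptors
            removed = store.pop(obl["owner"], None) is not None
            audit.append((now, obl["id"], action, obl["owner"], "done" if removed else "no-data"))
    return True
```

A scheduler would call `enforce` on each active obligation at every monitoring tick; the "no-data" audit entry shows why re-running a fired obligation must stay safe and traceable.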
