HP Labs Privacy Management Vision, Research and Work

Presentation transcript:

HP Labs Privacy Management Vision, Research and Work
Marco Casassa Mont, Senior Researcher, Trusted Systems Lab, HP Labs, Bristol, UK

Outline
- Overview of HP Labs and Privacy Management Group
- Key Privacy Concepts
- HP Labs Privacy Management Research and Work: Privacy Policy Enforcement, Privacy Obligation Management
- Conclusions

HP Labs
Trusted Systems Laboratory, Bristol, UK. http://www.hpl.hp.com
Locations: Bristol, China, Palo Alto, Israel, Japan, India. ~600 employees worldwide.

HP Labs is worldwide with locations in the U.S., in the U.K., Israel, Japan and more recently India and China. We number about 600; about half of our researchers are PhD-level engineers, computer scientists, physicists and chemists. We operate a diversified research portfolio, with larger investments on present-day strategies and smaller investments on long-term, more speculative projects. Key research strategies are driven by company strategy and customer interaction. We have a focused approach to invention, innovating where we can add value, partnering for the rest. HP Labs is tightly aligned with HP strategy – in fact we participate in developing that strategy. We work directly with customers – internal and external – to determine best commercialization paths … and I’ll share examples today.

Roles of HP Labs:
- Contribute to HP Strategy Creation
- Grow HP's Business with Strategically Aligned Technologies
- Create Technologies that Enable New Opportunities for HP
- Invest in Fundamental Science in Areas of Interest to HP

February 15, 2019

HP Labs: Trusted Systems Laboratory
Security Research

Mission: Research on Trust, Security and Privacy to provide Safe, Simple to own, and Assured Systems, Enabling Confident Participation in the Digital Economy and delivered through HP’s Infrastructures and Infrastructure Services.

We see from the chart that the number of security breaches is on the increase and we know that the financial impact on industry runs into $Billions each year. At the same time we are using the internet more and more to do business and share sensitive information. TSL is trying to increase people's confidence in doing business on the internet by deploying technologies that enhance trust and simplify the whole task of managing security.

- SAFE: Compare with locks on the doors and windows, burglar alarms, even neighbourhood watch type schemes. What is the e-equivalent?
- SIMPLE TO OWN: Most people agree these days that security by obscurity is not a good thing; in fact complexity generally makes systems less secure. How many of us really understand what security options to set on our web browsers or how to properly configure anti-virus software, personal firewalls, access control lists, password management etc.? Most people rely on good defaults; however, out-of-the-box defaults often leave a lot to be desired. Another analogy: a car immobiliser, simple to use if you have the key. Pretty effective too.
- ASSURED: Compare with the building trade. Choosing a builder is always a difficult task – this trade has a bit of a reputation. What do you look for? You get a feel when you see them and speak to them. Preferably you would want recommendations from friends or family. But what about in the electronic world where you don’t deal face to face, and have probably never interacted before? How do you trust a computer rather than a human being?

THREAT MANAGEMENT: We’ll say more about this shortly, but the graph has already shown that this problem is on the increase. Attacks are becoming faster, cleverer and potentially more damaging. Tools are available on the Internet requiring very little technical knowledge to launch some of these attacks. Many of them come through email and even though you can constantly tell people not to open attachments from unrecognised senders, people are fallible. Traditional mechanisms to date do not seem to be dealing with this problem adequately.

IT GOVERNANCE: Good IT Governance is becoming increasingly important for many companies, being driven by both the need to get a better return on IT spending and by the need to comply with regulations such as Sarbanes-Oxley for financial reporting and HIPAA and others for privacy protection. There are a number of ways that technology can help companies in ensuring their governance requirements are being met by their IT systems. These range from assurance systems showing how the overall IT infrastructure is being run, to tools that help enforce high level policies that are important for maintaining governance. We have research projects that are looking into areas such as Compliance, Privacy Enforcement and Obligation Management, Identity Management. Included here are core competences in cryptography and modelling.

TRUSTED INFRASTRUCTURE: At the end of the day you want to be sure that the platform you are running on will behave exactly as you would expect, running corporate certified software and configurations. Currently this area is being industry led through the Trusted Computing Group, founded by HP, Compaq, Microsoft, Intel and IBM. In addition to trusted hardware, we are researching into Trusted Virtualisation in the context of the Adaptive Enterprise.

However, security is not just about technology; we have to understand the social science of what is acceptable and concerns regarding people's privacy and rights; we need to understand the legal framework that is going to underpin everything, e.g. copyright laws, export laws, key escrow concerns, digital rights management; we need to understand the mathematics to be sure that systems are truly (even provably) safe; and we need to understand how all of this, plus the supporting technologies, comes together to create a solution.

Diagram labels: TSL Privacy Management Group, Threat Management, IT Governance, Trusted Infrastructure

Our Vision: Address privacy management issues with innovative IT technologies and solutions
Our Premise: Integrating privacy management into the middleware layer of a data processing system will provide most benefits, e.g., common approach, re-usable software, etc.
Our Approach: Design, build and test Proof-of-Concept prototypes

Outline: Key Privacy Concepts

Enterprise Privacy Management
Impact on Enterprises and Opportunities

Diagram labels:
- Privacy Legislation (EU Laws, HIPAA, COPPA, SOX, GLB, Safe Harbour, …), Customers’ Expectations, Internal Guidelines
- PEOPLE, ENTERPRISE, Personal Data, Applications & Services
- Regulatory Compliance, Customers’ Satisfaction, Positive Impact on Reputation, Brand, Customer Retention
- Regulations, Standards, Best Practices, Enterprise IT Infrastructure, IT Alignment, Policy Enforcement, Development, Transparency, Monitoring, Reporting

Effective Enterprise Privacy depends on Good Governance Practices

Privacy For Personal Data: Core Principles
- Purpose Specification
- Consent
- Limited Collection
- Limited Use
- Limited Disclosure
- Limited Retention

Privacy Policies: Privacy Rights, Permissions, Obligations

Outline: HP Labs Privacy Management Research and Work (Privacy Policy Enforcement, Privacy Obligation Management)

Privacy Policy Enforcement in Enterprises
- How to Enforce Privacy Policies within Enterprises when Accessing and Manipulating Personal Data?
- How to Enforce User Preferences, e.g. Consent?
- How to Integrate with Identity Management Solutions?

HP Labs R&D Work:
- Privacy-Aware Access Control System for Personal Data
- Prototype Integrated with HP Select Access
- HP Business Considering its Productisation in 2006

Diagram labels: Regulations, Standards, Best Practices, IT Alignment, Policy Enforcement, Policy Development, Enterprise IT Infrastructure, Privacy Policy Enforcement

Moving Towards a “Privacy-Aware” Access Control …
Privacy Enforcement on Data: Access Control + “Intent, Purpose, Consent, …”

Traditional Access Control: Personal Data, Requestor, Actions, Rights
Privacy-Aware Access Control: Access Control plus a Privacy Extension covering Personal Data, Purpose, Requestor’s Intent, Constraints, Requestor, Actions, Rights, Owner’s Consent, Other…

It is not just a matter of traditional access control: need to include data purpose, intent and user’s consent

Privacy Policy Enforcement
Example: Privacy-aware Access Control with Consent, Purpose and Intent Mgmt

Table T1 with PII Data and Customers’ Consent

    T1:
    uid | Name  | Condition          | Diagnosis
    1   | Alice | Alcoholic          | Cirrhosis
    2   | Rob   | Drug Addicted      | HIV
    3   | Julie | Contagious Illness | Hepatitis

    T2:
    Consent | Marketing | Research
    1       |           |
    2       |           |
    3       |           |

Enterprise Privacy Policies & Customers’ Consent

    If role == "empl." and intent == "Marketing"
    Then Allow Access (T1.Condition, T1.Diagnosis) & Enforce (Consent)
    Else If intent == "Research"
    Then Allow Access (T1.Diagnosis)
    Else Deny Access

Request: Access Table T1 (SELECT * FROM T1), Intent = "Marketing"

Enforcement: Filter data

    SELECT '-', Condition, Diagnosis
    FROM T1, T2
    WHERE T1.uid = T2.Consent AND T2.Marketing = 'YES'

Filtered data

    uid | Name | Condition          | Diagnosis
    1   | -    | Alcoholism         | Cirrhosis
    2   |      |                    |
    3   | -    | Contagious Illness | Hepatitis
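
The decision and filtering step on this slide, as an added example (not HP's code or the Select Access plug-in): it evaluates the slide's policy for a role and intent, then rewrites `SELECT * FROM T1` into the masked, consent-joined query. The YES/NO values in T2, the function names and keeping `uid` visible (as in the slide's filtered table) are assumptions.

```python
import sqlite3

# Constructed sample data. T1 rows follow the slide; the YES/NO consent
# values in T2 are assumptions, since the transcript does not preserve them.
T1_ROWS = [(1, "Alice", "Alcoholic", "Cirrhosis"),
           (2, "Rob", "Drug Addicted", "HIV"),
           (3, "Julie", "Contagious Illness", "Hepatitis")]
T2_ROWS = [(1, "YES", "NO"), (2, "NO", "YES"), (3, "YES", "YES")]
T1_COLUMNS = ("uid", "Name", "Condition", "Diagnosis")

# Slide policy as (role, intent, allowed columns, consent column to enforce).
# A role of None means the rule applies to any role.
POLICY = [
    ("empl.", "Marketing", ("Condition", "Diagnosis"), "Marketing"),
    (None, "Research", ("Diagnosis",), None),
]

def decide(role, intent):
    """Return (allowed_columns, consent_column), or None for Deny Access."""
    for rule_role, rule_intent, allowed, consent in POLICY:
        if rule_intent == intent and rule_role in (None, role):
            return allowed, consent
    return None

def rewrite_query(role, intent):
    """Rewrite SELECT * FROM T1 into the filtered query, or None if denied."""
    decision = decide(role, intent)
    if decision is None:
        return None
    allowed, consent = decision
    # Column names come only from the fixed tuples above, never from the
    # requestor, so formatting them into the SQL text is safe here.
    select = ", ".join(c if c in allowed else f"'-' AS {c}"
                       for c in T1_COLUMNS[1:])
    sql = f"SELECT T1.uid, {select} FROM T1"
    if consent:
        sql += f" JOIN T2 ON T1.uid = T2.Consent WHERE T2.{consent} = 'YES'"
    return sql + " ORDER BY T1.uid"

def privacy_aware_select(conn, role, intent):
    """Enforcer: run the rewritten query, or refuse when the policy denies."""
    sql = rewrite_query(role, intent)
    if sql is None:
        raise PermissionError(f"Deny Access: role={role!r}, intent={intent!r}")
    return conn.execute(sql).fetchall()

def build_db():
    """Load the constructed T1 and T2 tables into an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE T1 (uid INTEGER, Name TEXT, Condition TEXT, Diagnosis TEXT)")
    conn.execute("CREATE TABLE T2 (Consent INTEGER, Marketing TEXT, Research TEXT)")
    conn.executemany("INSERT INTO T1 VALUES (?, ?, ?, ?)", T1_ROWS)
    conn.executemany("INSERT INTO T2 VALUES (?, ?, ?)", T2_ROWS)
    return conn
```

With these consent values, `privacy_aware_select(build_db(), "empl.", "Marketing")` returns only the rows for uid 1 and 3 with the name masked, matching the slide's filtered table.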

Privacy Policy Enforcement
Privacy Enforcement in HP Select Access

Diagram labels:
- Components: Policy Builder, Validator (Policy Decision), Enforcer Plug-in, HPL Data Enforcer, HPL Plug-ins, Audit Repository, Web Services, Applications, Services, …
- Policies: Access Control Policies + Privacy Policies (intent, purpose, consent, constraints…)
- Data: Personal Data + Owners’ Consent
- Flows: Data Modelling & Privacy Policy Authoring; Privacy Policy Deployment & Decisions; Requestor’s Intent + Request to Access Data; Access Request; Privacy-aware Access Request; Privacy-aware Decision; Grant/Deny; Data Access; Privacy-aware Access to Data; Privacy Policy Enforcement On Personal Data

Prototype: Demo Snapshots

Rule Editor; Purpose-based Decision plug-in; Data Filtering plug-in; Consent Management plug-in; Data Expiration plug-in

Snapshot captions:
- Give consent to access data For Declared Purposes e.g. Research
- Data Retention Preferences
- Effect of applying the privacy policy (data filtering)
- Effect of enforcing customers’ Consent: The new customer data is not visible as she gave no consent to use her data for Marketing purposes
- Effect of enforcing customers’ Consent: The new customer data is (partially) visible as she gave consent to use her data for Research purposes

Outline: HP Labs Privacy Management Research and Work (Privacy Policy Enforcement, Privacy Obligation Management)

Privacy Obligation Management

Privacy Obligations dictate Duties and Expectations to Enterprises on How to Handle Personal Data:
- Which Privacy Obligations to Manage? How to Represent them?
- How to Schedule, Enforce and Monitor Privacy Obligations?
- How to Integrate with Identity Management Solutions?

HP Labs R&D Work:
- Privacy Obligation Management System
- Prototype Integrated with HP Select Identity
- Explore its Productisation
- Research in EU PRIME Project

Diagram labels: Regulations, Standards, Best Practices, IT Alignment, Policy Enforcement, Policy Development, Enterprise IT Infrastructure, Privacy Obligation Enforcement, Monitoring, Reporting, Transparency

Obligation Management System (OMS): Model

Privacy Obligations dictate Responsibilities and Duties on Personal Information:
- Notice Requirements
- Enforcement of opt-in/opt-out options
- Limits of Reuse
- Data Retention
- Data Deletion
- Data Transformation

Obligations can be Very Abstract or More Refined.

Diagram labels: ENTERPRISE, Data Subjects, Administrators, Personal Data (PII), Privacy Obligations, Obligation Management Framework (Obligations Scheduling, Enforcement, Monitoring)

Privacy Obligations are not Subordinated to Access Control

Obligation Management System
High Level System Architecture

Diagram labels:
- Activities: Setting Privacy Obligations On Personal Data; Enforcing Privacy Obligations; Monitoring Privacy Obligations
- Actors and entry points: Data Subjects, Admins, Applications and Services, Privacy-enabled Portal
- Obligation Monitoring Service: Events Handler, Monitoring Task Handler
- Obligation Server: Obligation Scheduler, Obligation Enforcer, Information Tracker, Workflows, Action Adaptors
- Stores within the ENTERPRISE: Obligation Store & Versioning, Audit Server, Confidential Data, Data Ref., Obligation

User Provisioning and Obligation Management

Management of Privacy Obligations in the context of User Provisioning and Account Management: Turn Privacy Preferences into Privacy Obligations

Diagram labels:
- Data Subject: Self Registration and User Account Management; Personal Data + Privacy Preferences (e.g. Deletion, Notification)
- HP Select Identity: User Provisioning, Connectors, Service API
- Obligation Management System: Privacy Obligation Enforcement & Monitoring
- Enterprise Data Repositories

Prototype: Demo Snapshots

Snapshots from: HP Select Identity; Obligation Management System - GUI

Snapshot captions:
- Privacy Preferences (deletion times of selected attributes and of the entire account)
- Privacy Preferences (notification of deletions via e-mail)
- The new user provisioning request has been successful. User information will also be provisioned via the OMS connector, which will cause the creation of new privacy obligations based on the user's previous privacy preferences
- New Privacy Obligations generated as Effect of provisioning a new User and Handling Privacy preferences (Deletion and Notification)
- Details of Selected Obligation
- View: List of Managed Obligations (to be enforced and enforced obligations). Note: in this example all obligations are enforced (status OK or Violated)
- View: Monitored Obligations (enforced obligations). Note: In this example, the last two obligations in the list are in the “Violated” status (RED colour). This status and the details can be logged/audited and reported to the administrator for follow-up actions
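
How deletion and notification preferences become obligations that are scheduled, enforced and then monitored, as an added example (not HP's OMS or Select Identity code). The class and function names, the intermediate ENFORCED status, the in-memory repository and the sample user are assumptions; OK and VIOLATED follow the statuses named in the snapshots.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Obligation:
    subject: str             # data subject the obligation refers to
    target: str              # attribute name, or "*" for the whole account
    due: datetime            # deadline for deletion
    notify: bool             # notify the data subject once deleted
    status: str = "PENDING"  # PENDING -> ENFORCED -> OK, or VIOLATED
    audit: list = field(default_factory=list)

def preferences_to_obligations(subject, prefs, now):
    """Turn provisioning-time privacy preferences into deletion obligations."""
    return [Obligation(subject, t, now + timedelta(days=d), prefs["notify_by_email"])
            for t, d in sorted(prefs["delete_after_days"].items())]

def delete_from_dict(repository, subject, target):  # constructed action adaptor
    if target == "*":
        repository.pop(subject, None)
    else:
        repository.get(subject, {}).pop(target, None)

class ObligationServer:
    def __init__(self, repository, delete_adaptor, notify_adaptor):
        self.repository = repository   # {subject: {attribute: value}}
        self.delete = delete_adaptor   # callable(repository, subject, target)
        self.notify = notify_adaptor   # callable(subject, message)
        self.obligations = []

    def enforce_due(self, now):  # scheduler and enforcer for due obligations
        for ob in self.obligations:
            if ob.status == "PENDING" and ob.due <= now:
                try:
                    self.delete(self.repository, ob.subject, ob.target)
                    ob.status = "ENFORCED"
                    if ob.notify:
                        self.notify(ob.subject, f"deleted {ob.target}")
                except Exception as exc:  # failure is audited, not hidden
                    ob.audit.append((now, f"enforcement failed: {exc}"))

    def monitor(self, now):  # checks the data itself, not the enforcer's report
        for ob in self.obligations:
            if ob.due <= now and ob.status != "OK":
                record = self.repository.get(ob.subject, {})
                present = bool(record) if ob.target == "*" else ob.target in record
                ob.status = "VIOLATED" if present else "OK"
                ob.audit.append((now, ob.status))
        return {(ob.subject, ob.target): ob.status for ob in self.obligations}

def run_scenario(delete_adaptor, days_elapsed):  # constructed user and dates
    start, sent = datetime(2006, 1, 1), []
    repo = {"alice": {"email": "alice@example.com", "creditcard": "constructed"}}
    prefs = {"delete_after_days": {"creditcard": 30, "*": 365}, "notify_by_email": True}
    server = ObligationServer(repo, delete_adaptor, lambda s, m: sent.append((s, m)))
    server.obligations += preferences_to_obligations("alice", prefs, start)
    server.enforce_due(start + timedelta(days=days_elapsed))
    return server.monitor(start + timedelta(days=days_elapsed)), sent
```

Passing an adaptor that raises to `run_scenario` leaves the credit card attribute in place, and the monitor reports that obligation as VIOLATED because it checks the repository instead of trusting the enforcer's result.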

Outline: Conclusions

Conclusions

Privacy Management is a Key Aspect of IT Governance and Regulatory Compliance for Enterprises

Key Privacy Management Requirements for Enterprises:
- Privacy Enforcement
- Automation and Cost Reduction
- Integration with Identity Management Solutions

HP Labs’ Contributions:
- Vision: Address Privacy Management with IT Solutions and Technologies
- Technology: Privacy Policy Enforcement with HP Select Access
- Technology: Privacy Obligation Management with HP Select Identity

HP Labs keen to Collaborate with Customers for Trials and Requirements

More Information: http://www.hpl.hp.com/research/ssrc/security/
