Towards Scalable Management of Privacy Obligations in Enterprises

Presentation transcript:

Towards Scalable Management of Privacy Obligations in Enterprises
Marco Casassa Mont, Hewlett-Packard Labs

Presentation Outline
- Privacy Concepts and Background
- Our Current Work on Obligation Management
- Scalability Problems and Open Issues
- Learnt Lessons
- Moving Towards Scalable Obligation Mgmt
- Conclusions


Privacy: An Important Aspect of Regulatory Compliance (Example of Process)
- Regulations (incomplete list …)
10 April, 2019

Privacy: Impact on Users and Enterprises
- Drivers: Privacy Legislation (EU Laws, HIPAA, COPPA, SOX, GLB, Safe Harbour, …), Customers’ Expectations, Internal Guidelines
- Scope: Personal Data, Applications & Services, PEOPLE and the ENTERPRISE
- Outcomes: Regulatory Compliance, Customers’ Satisfaction, Positive Impact on Reputation, Brand, Customer Retention

Privacy Obligations
- Privacy Obligations are Policies that describe Duties and Expectations on how PII Data Should be Managed in Enterprises
- They dictate “Privacy-aware Information Lifecycle Management”
- They can be defined by Privacy Laws, Data Subjects’ Preferences and Enterprise Guidelines
- Privacy Policies cover: Limited Retention, Limited Disclosure, Limited Use, Limited Collection, Consent, Purpose Specification, Privacy Rights, Permissions, Obligations


Privacy Obligations: A Complex Topic …
- Duration: Short-term / Long-term
- Enforcement: One-time / Ongoing
- Constraints dictated by Obligations: Notice Requirements; Enforcement of opt-in/opt-out options; Limits on reuse of Information and Information Sharing; Data Retention limitations; …
- Examples: “Delete Data XYZ after 7 years”; “Notify User via e-mail1 If his Data is Accessed”
- Types: Transactional; Data Retention & Handling; Other Event-driven Obligations
- Context: Dependent on Access Control / Independent from Access
- Setting: Data Subject / Enterprise
- Open questions: “How to Represent Privacy Obligations? How to Stick them to Personal Data? How to Manage, Enforce and Monitor them? How to Integrate them into current IDM solutions?”

Privacy Obligations: Common Aspects
- Timeframe (period of validity) of obligations
- Target of an obligation (PII data)
- Events/Contexts that trigger the need to fulfil obligations
- Actions/Tasks/Workflows to be Enforced
- Responsible for enforcing obligations
- Exceptions and special cases

Technical Work in this Space
- P3P (W3C):
  - Definition of User’s Privacy Expectations
  - Explicit Declaration of Enterprise Promises
  - No Definition of Mechanisms for their Enforcement
- Data Retention Solutions, Document Management Systems, Ad-hoc Solutions for Vertical Markets:
  - Limited in terms of expressiveness and functionalities
  - Focusing more on documents/files, not personal data
- IBM Enterprise Privacy Architecture, EPAL, XACML …:
  - No Refined Model of Privacy Obligations
  - Privacy Obligations Subordinated to AC (Access Control). Incorrect …

Our Approach in EU PRIME Project
- Privacy Obligations are “First-Class entities”: No Subordination to Access Control/Authorization View → Explicit Representation, Management and Enforcement of Privacy Obligations
- Allow Data Subjects to Express their Privacy Preferences that are Mapped into Enterprises’ Obligations
- Provide a Solution to Enterprises to Automate the Management

Obligation Management System (OMS): Model Framework (figure)
- Inputs: Privacy Preferences (from Data Subjects), Privacy Obligations (from Administrators)
- Framework functions: Obligations Scheduling, Enforcement, Monitoring
- Applied to Personal Data (PII) within the ENTERPRISE

Privacy Obligations: Modelling and Representation
A Privacy Obligation consists of:
- Obligation Identifier
- Targeted Personal Data: References to stored PII data, e.g. Database query, LDAP reference, Files, etc.
- Triggering Events: One or more Events that trigger different Actions, e.g. Time-based, Access-based, Context-based, On-Going Events
- Actions: e.g. Delete, Notify, …
- Additional Metadata (Future Extensions)

Simple Example of Privacy Obligation (figure)
- Explicit Reference to a Piece of Customer Data (Target)
- Time-based triggering Event
- Prescribed Actions Involving Notification of Customer and data Deletion
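The obligation structure from the two slides above (an explicit reference to one piece of customer data, a triggering event, prescribed notify/delete actions) as a runnable model, with both a time-based retention obligation and an ongoing access-based notification obligation. This is an added illustration written for this page, not code from the PRIME project or the HP Labs OMS; the in-memory PII store, the record ids, the Event/Obligation classes and the scheduler_tick function are all constructed here.

```python
"""Minimal model of a privacy obligation (target reference, triggering events,
prescribed actions) plus one scheduler pass that enforces and audits it.
Added illustration, not PRIME/HP Labs OMS code; store and records are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed in-memory PII repository: record id -> attributes.
PII_STORE: Dict[str, dict] = {
    "cust-1001": {"email": "alice@example.org", "collected": datetime(2012, 4, 10)},
    "cust-1002": {"email": "bob@example.org", "collected": datetime(2018, 1, 15)},
}
AUDIT: List[str] = []    # stand-in for the audit server
OUTBOX: List[str] = []   # stand-in for a notification action adaptor
NOW = datetime(2019, 4, 10)  # constructed "current time" for the scheduler


@dataclass
class Event:
    kind: str                          # "time" (delay since collection) or "access"
    after: Optional[timedelta] = None  # only used by time-based events


@dataclass
class Obligation:
    obligation_id: str
    target: str            # explicit reference to one piece of PII (the 1:1 model)
    events: List[Event]
    actions: List[str]     # executed in order; "notify" must precede "delete"
    one_time: bool = True  # False = ongoing obligation, fires on every matching event
    fulfilled: bool = False


def sample_obligations() -> List[Obligation]:
    """The two examples from the slides: delete after 7 years; notify on access."""
    return [
        Obligation("ret-7y", "cust-1001", [Event("time", timedelta(days=7 * 365))],
                   ["notify", "delete"]),
        Obligation("notify-on-access", "cust-1002", [Event("access")],
                   ["notify"], one_time=False),
    ]


def triggered(ob: Obligation, now: datetime, accessed: Optional[str] = None) -> bool:
    """Does any of the obligation's events fire during this scheduler pass?"""
    rec = PII_STORE.get(ob.target)
    if rec is None:                    # target already deleted: nothing to enforce
        return False
    for ev in ob.events:
        if ev.kind == "time" and now >= rec["collected"] + ev.after:
            return True
        if ev.kind == "access" and accessed == ob.target:
            return True
    return False


def enforce(ob: Obligation) -> List[str]:
    """Run the prescribed actions against the target and write the audit trail."""
    done = []
    rec = PII_STORE.get(ob.target)
    for action in ob.actions:
        if action == "notify":
            OUTBOX.append(f"to={rec['email']} subject=obligation {ob.obligation_id} on {ob.target}")
        elif action == "delete":
            PII_STORE.pop(ob.target, None)
        else:
            raise ValueError(f"unsupported action {action!r}")
        AUDIT.append(f"{ob.obligation_id} {action} {ob.target}")
        done.append(action)
    if ob.one_time:
        ob.fulfilled = True
    return done


def scheduler_tick(obligations: List[Obligation], now: datetime,
                   accessed: Optional[str] = None) -> List[str]:
    """One pass of the obligation scheduler; returns the ids enforced in this pass."""
    enforced = []
    for ob in obligations:
        if not ob.fulfilled and triggered(ob, now, accessed):
            enforce(ob)
            enforced.append(ob.obligation_id)
    return enforced


if __name__ == "__main__":
    obs = sample_obligations()
    print(scheduler_tick(obs, NOW))                          # ['ret-7y']
    print(scheduler_tick(obs, NOW, accessed="cust-1002"))    # ['notify-on-access']
    print(AUDIT)
```

The scheduler is deliberately idempotent for one-time obligations (a second pass does nothing once the record is gone) while the ongoing notify-on-access obligation fires on every matching access; the audit list is what a monitoring service would query to show the status of enforced actions per obligation.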

OMS: High Level System Architecture (figure)
- Setting Privacy Obligations on Personal Data: Data Subjects via a Privacy-enabled Portal; Admins
- Enforcing Privacy Obligations: Obligation Server (Obligation Scheduler, Obligation Enforcer, Information Tracker, Action Adaptors, Workflows) acting on Applications and Services and on Confidential Data
- Monitoring Privacy Obligations: Obligation Monitoring Service (Events Handler, Monitoring Task Handler) used by Admins
- Supporting components: Obligation Store & Versioning (Obligation + Data Ref.), Audit Server
- All within the ENTERPRISE


Current Model: Association of Privacy Obligations to Personal Data (figure)
- Data Subjects (Users) supply Personal Data + Privacy Preferences (Deletion, Notification, etc.)
- Privacy Preferences are Embedded within Obligations
- 1:1 Association of Privacy Obligations to PII Data
- The Obligation Management System holds the Privacy Obligations; Personal Data sits in Enterprise Data Repositories (ENTERPRISE)

Example of Embedded Preferences/Refs (figure)
- Explicit Reference to a Piece of Customer Data
- Time-based triggering Event
- Prescribed Actions Involving Notification of Customer and data Deletion

Current Approach: Pros and Cons
Pros:
- Provides Flexible, Fine-grained Mechanism to End-Users to Express their Privacy Preferences
- Supports Mechanism to Automatically Turn Privacy Preferences into Obligations
- Supports Customisation of Obligations (Events/Actions) as long as supported by the OMS
Cons:
- (Linear) Growth of Number of Managed Obligations depending on Size of Data
- High Demand on Management and Monitoring Resources
- Administrative and GUI Usability Issues in case of Large Amounts of PII data and Associated Obligations

Open Issues
- Scalability Problem when Handling Large Amounts of PII Data (>100K) and Related Privacy Preferences:
  - Too many (Similar) Obligations to be Handled
  - Too many (Computational) Resources might be Required by OMS
  - Difficult to Administer Large Number of Obligations (not Scalable)
- Need for Adequate Administrative Tools, inclusive of Admin GUI Capabilities (Importance of HCI Aspects …)

Open Issues: Current Administrative Tools (screenshot)


Learning Contexts
- PRIME: Integration of OMS Component in PRIME Integrated Prototype (IPV1) https://www.prime-project.eu/
- HP: Integration of OMS with HP OpenView Select Identity to enable Privacy-aware Information Lifecycle Mgmt during Identity Provisioning http://www.hpl.hp.com/techreports/2005/HPL-2005-180.html

Learnt Lessons [1/3]
It is not feasible for the Enterprise to allow Users to Define any Arbitrary Combinations of Privacy Preferences and Constraints Specifications, even within the Types of Obligations that an Enterprise can potentially Support:
- Involved Costs and Complexity
- Usability Aspects for End-Users (e.g. Policy Authoring)
- Not all the Potential Combinations of Constraints make Sense …

Learnt Lessons [2/3]
End-Users are actually NOT so Interested in Dealing with the Authoring of Obligations and/or Coping with Related Complexity:
- Need for Simple and Intuitive Visual Approaches to Capture Relevant Privacy Preferences (Source: Karlstad University – OMS GUI Trial)
- Little Effort should be Required: Just Express Preferences…
- Lack of Users’ Knowledge in Privacy Matters

Learnt Lessons [3/3]
Enterprise Administrators Need Effective Admin Tools to Manage and Monitor Obligations:
- Intuitive Administrative Tools and GUIs
- Easy Ways to Retrieve Obligations
- Easy Ways to Handle the Lifecycle of Obligations

Approach Followed in PRIME [1/2]
- It is Preferable to Provide Users with a “List” of Predefined Types of Privacy Obligations supported by the Enterprise
- Each Obligation Type has a Predefined Structure (e.g. set of Events and Actions) → “Obligation Template”
- Each Obligation Type explicitly describes which Privacy Preferences need to be Specified by the End-User
- End-Users see a “Natural Language” Description of these Obligations. They only need to Provide the related Privacy Preferences via Simplified GUIs

Actual Approach Followed in PRIME [2/2] (figure)
- Obligation Template (Type): Defines Obligation Structure; Defines Types of Privacy Prefs
- Privacy Admins define the Obligation Templates (Types) held by the Obligation Management System
- Flow: the User Attempts to Access a Service → Request to Disclose PII Data & List of Relevant Obligation Templates (Req. PII Data + Privacy Prefs.) → via the PRIME GUI the User Discloses PII + Privacy Prefs. → the PRIME Toolbox Pushes Instantiated Obligation Templates (i.e. with Privacy Prefs) to the Obligation Management System (ENTERPRISE)

Example of Obligation Template (figure)
- Deletion Preference: Specified by User
- User Id References: Automatically Filled In by OMS

Some Important Observations
- Obligation Templates Do Not Solve the Scalability Problem: For each piece of PII Data → one or more Obligations still Need to be Generated and Associated
- However: All Obligations generated by an Obligation Template are Structurally Identical (Same Set of Events/Actions)
- They only differ because of Embedded Privacy Preferences and/or Embedded PII References

Towards A More Scalable Management of Privacy Obligations
- Why not Manage Obligations in a way that is Parametric to Privacy Preferences and References?
- Why not “solve” these References at Enforcement/Monitoring Time?
→ Concept of Parametric Privacy Obligations …


Parametric Privacy Obligations
- Parametric Obligation: contains a Parametric Definition of the Obligation’s Target, Events, Actions
- Its Structure is still based on Predefined Obligation Templates
- However, once Instantiated, it contains References to Personal Data and Privacy Preferences
- Privacy Preferences are Not Embedded Anymore within Parametric Obligations but are Stored in a Separate Repository (controlled by OMS)
- References are Resolved by OMS at Runtime

New Model based on Parametric Obligations [1/2] (figure)
- Data Subjects (Users) supply Personal Data + Privacy Preferences (Deletion, Notification, etc.)
- Privacy Preferences are Stored by the Obligation Management System separately from the Obligations; Personal Data sits in Enterprise Data Repositories (ENTERPRISE)
- Privacy Obligations (Parametric Obligation1, Obligation2, …) are Derived From Templates
- N:1 Association of Personal Data / Privacy Prefs. to each Parametric Obligation

New Model based on Parametric Obligations [2/2]
- Each Parametric Obligation Can be Associated to a Large Set of PII Data (Target)
- Drastic Reduction of Number of Explicit Instances of (Similar) Obligations
- Easier Administrative Management of Obligations
- OMS still has to Keep Track of Fine Grained Operational Information about the Management of “Obligations” for each Piece of PII Data: Status of Events; Status of Enforced Actions
- More Complexity in Obligation Definition (Target) …

Hybrid Obligation Management Model
Deal with both: “Traditional” Obligations and Parametric Obligations
Hybrid Model to Address:
- Flexibility in Specifying ad-hoc Obligations
- Minimise, if Required, Redundancy of Managed Obligations, in case of Large Number of PII Data
- Give a Choice on which Type of Obligations to Use
- Ensure that the Required Level of Scalability, Flexibility and Customisation can be Provided
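The template, parametric and hybrid slides above, worked through in code: one obligation template (retention with notify + delete) is instantiated either the traditional way (one obligation per PII record, preferences embedded, 1:1) or the parametric way (a single obligation whose target is a query and whose preferences live in a separate OMS-held repository, resolved at enforcement time, N:1), while the OMS keeps per-PII status either way. This is an added illustration written for this page, not code from the PRIME project or the HP Labs OMS; the repository, preference values, retention periods, the Template/Obligation/OMS classes and the compare function are all constructed here.

```python
"""Obligation templates instantiated traditionally (one obligation per record,
preferences embedded) or parametrically (one obligation, references resolved at
runtime) under a hybrid OMS. Added illustration, not PRIME/HP Labs OMS code;
repository, preferences and retention periods are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterator, List, Tuple

BASE = datetime(2010, 1, 1)
NOW = BASE + timedelta(days=400)   # constructed "current time" for enforcement
# Constructed enterprise data repository: user id -> PII record (collection date).
REPO: Dict[str, dict] = {f"user-{i}": {"collected": BASE + timedelta(days=30 * i)}
                         for i in range(6)}
# Constructed preference repository, held by the OMS separately from the obligations.
# user-2 and user-4 never expressed a preference, so the template default applies.
PREFS: Dict[str, dict] = {"user-0": {"retention_days": 365}, "user-1": {"retention_days": 100},
                          "user-3": {"retention_days": 200}, "user-5": {"retention_days": 1000}}

@dataclass(frozen=True)
class Template:
    """An obligation type the enterprise supports: fixed events/actions, named preferences."""
    name: str
    events: Tuple[str, ...]   # "time:<pref>" = fires <pref> days after collection
    actions: Tuple[str, ...]
    prefs: Tuple[str, ...]    # preferences the end-user is asked to supply
    defaults: Dict[str, int]

@dataclass
class Obligation:
    template: str
    target: str   # "pii:<uid>" (traditional) or "query:all_users" (parametric)
    params: dict  # embedded preferences (traditional); empty for parametric

RETENTION = Template("retention", ("time:retention_days",), ("notify", "delete"),
                     ("retention_days",), {"retention_days": 730})

class OMS:
    def __init__(self, repo: Dict[str, dict], prefs: Dict[str, dict]):
        self.repo, self.prefs = repo, prefs
        self.templates: Dict[str, Template] = {}
        self.obligations: List[Obligation] = []
        self.status: Dict[Tuple[str, str], str] = {}  # (template, uid) -> per-PII state
        self.audit: List[str] = []

    def _params(self, t: Template, uid: str) -> dict:
        user = self.prefs.get(uid, {})
        return {p: user.get(p, t.defaults[p]) for p in t.prefs}

    def register(self, t: Template, mode: str) -> int:
        """Hybrid model: each template is managed traditionally or parametrically.
        Returns how many obligation instances the OMS now manages for it."""
        self.templates[t.name] = t
        if mode == "traditional":   # one obligation per record, preferences embedded
            new = [Obligation(t.name, f"pii:{uid}", self._params(t, uid)) for uid in self.repo]
        elif mode == "parametric":  # one obligation; references resolved at runtime
            new = [Obligation(t.name, "query:all_users", {})]
        else:
            raise ValueError(f"unknown mode {mode!r}")
        self.obligations += new
        for ob in new:              # operational status is still kept per piece of PII
            for uid, _ in self.resolve(ob):
                self.status.setdefault((t.name, uid), "pending")
        return len(new)

    def resolve(self, ob: Obligation) -> Iterator[Tuple[str, dict]]:
        """Turn the obligation's target reference into concrete (uid, preferences) pairs."""
        if ob.target.startswith("pii:"):
            yield ob.target[len("pii:"):], ob.params
        elif ob.target == "query:all_users":
            t = self.templates[ob.template]
            for uid in self.repo:
                yield uid, self._params(t, uid)
        else:
            raise ValueError(f"unknown target reference {ob.target!r}")

    def due(self, ob: Obligation, now: datetime) -> List[str]:
        """PII records whose time-based event has fired and are not yet enforced."""
        t, out = self.templates[ob.template], []
        for uid, params in self.resolve(ob):
            if self.status.get((t.name, uid)) != "pending":
                continue
            for ev in t.events:
                kind, pref = ev.split(":", 1)
                if kind == "time" and now >= self.repo[uid]["collected"] + timedelta(days=params[pref]):
                    out.append(uid)
                    break
        return out

    def enforce(self, now: datetime) -> List[str]:
        """One scheduler pass over every managed obligation; returns the PII acted upon."""
        acted = []
        for ob in self.obligations:
            for uid in self.due(ob, now):
                for action in self.templates[ob.template].actions:
                    self.audit.append(f"{ob.template} {action} {uid}")
                self.status[(ob.template, uid)] = "enforced"
                acted.append(uid)
        return sorted(acted)

def compare(now: datetime = NOW) -> dict:
    """Same template managed both ways: identical enforcement, different instance counts."""
    result = {}
    for mode in ("traditional", "parametric"):
        oms = OMS(dict(REPO), PREFS)
        result[mode] = {"instances": oms.register(RETENTION, mode), "acted": oms.enforce(now)}
    return result
```

Running compare() shows the trade-off the slides describe: the traditional mode creates as many obligation instances as there are records (6 here, >100K in the deployments the slides target) while the parametric mode creates one, yet both enforce the same set of records on the same date. What does not shrink is the per-PII status table, which is exactly the fine-grained operational information the OMS still has to keep; changing a user's stored preference takes effect at the next enforcement pass without touching the obligation, since references are resolved at runtime.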

Discussion
- The Proposed Model does not Limit the Control that Users can have in Specifying Privacy Preferences
- The Number of “Similar” Obligations Managed by the OMS is Reduced: Less Computational Resources, More Scalability in Managing Obligations
- R&D Work still needs to be Done to Provide a more Suitable Admin GUI and related Tools to Administrators
- Full Implementation is Required to Analyse Results and Compare against the Current OMS System …
- This is Work in Progress …

Current Status and Next Steps
- We are Extending the Current OMS System to Handle also Parametric Obligations (i.e. Hybrid Model)
- First Fully Working Prototype to be Completed in 2-3 months: Scalability and Performance will be Analysed and Results Published
- Next Steps: Continue our Research in the Context of PRIME and HPL Projects:
  - Further Refine the Hybrid/Parametric Model
  - Explore the Management Lifecycle of Parametric Obligations
  - Build more Advanced Admin GUIs and Related Tools


Conclusions
- Privacy Management is Important for Enterprises
- Focus on Providing Tools to Handle Privacy Obligations
- First Implementation of Obligation Management System in PRIME and HPL as a Proof-of-Concept: Scalability Issues …
- Important Requirement: Handle Obligations on Large set of PII Data (>100k)
- Learnt Lessons: Avoid Defining Redundant Obligations & Simplicity
- Moving Towards Parametric Privacy Obligations
- Possibility to Leverage a Hybrid Model
- Working Prototype based on this Model will be Available soon for Tests and Comparative Analysis …
- R&D Work in Progress …

BACKUP Slides

Privacy Obligation Refinement: Abstract vs. Refined
- Obligations can be very abstract: “Every financial institution has an affirmative and continuing obligation to respect customer privacy and protect the security and confidentiality of customer information” (Gramm-Leach-Bliley Act)
- More refined Privacy Obligations dictate Duties, Expectations and Responsibilities on How to Handle Personal Data:
  - Notice Requirements
  - Enforcement of opt-in/opt-out options
  - Limits on reuse of Information and Information Sharing
  - Data Retention limitations
  - …

Key Requirements
- Explicit Modeling and Representation of privacy obligations
- (Strong) Association of obligations to data
- Mapping obligations into enforceable actions
- Compliance of refined obligations to high-level policies
- Tracking the evolution of obligation policies
- Dealing with Long-term Obligation aspects
- Accountability management and auditing
- Monitoring obligations
- User involvement
- Handling Complexity and Cost of instrumenting Apps and Services

Potential Model Implementations [1/2]
Based on a “General Purpose Approach” to Manage Parametric Obligations: a General-purpose OMS Data Structure to Store Operational Information about Events and Actions
- Pros: it works for all types of parametric obligations
- Cons: it might need to be extended for new types of parametric obligations; it cannot be optimised for each type of parametric obligation

Potential Model Implementations [2/2]
Based on the Concept of an “Obligation Blade”: Each Parametric Obligation comes in a “bundle” that also includes the definition of the OMS Data Structures required to support that obligation
- Pros: it allows for further optimisation
- Cons: it introduces more complexity in the definition and administration of each type of parametric obligation