The Use of Legal Ontologies in the Development of a System for Continuous Assurance of Privacy Policy Compliance * Bonnie W. Morris, Ph.D. CPA Division of Accounting Srinivas Kankanahalli, Ph.D. Lane Department of Computer Science & Electrical Engineering West Virginia University *Funded in part by Lockheed Martin’s Radiant Trust Center of Excellence Program
Outline of Presentation Motivation Research Plan and Background Our Work in Progress Future Research Directions
Motivation for the Research The Public is Concerned About Privacy and Infringement of Civil Liberties Managing Privacy Policy Compliance is a Difficult Problem There is a Demand for Assurance of Compliance with Privacy Laws and Policies
Public Concern A 2002 survey by the Center for Survey Research & Analysis at the U Conn for the First Amendment Center and American Journalism Review found: 81% reported that the right to privacy was "essential.” (Up from 78% in 1997.) In 2001, 72% of voters in North Dakota voted to re- instate “opt-in” privacy protections for financial information In a 2000 survey, the Pew Internet & American Life Project found that: 86% support opt-in privacy policies before companies use personal information. Source:
Managing Privacy Compliance is Difficult! U.S. laws are a “patchwork” –US PATRIOT Act –Gramm-Leach-Bliley Act –HIPAA –ECA –Video Privacy Act! Many organizations also are subject to international privacy laws, such as the EU’s Data Protection Act.
Demand for Assurance Senator Lieberman, chair of the Senate Governmental Affairs Committee, requested a GAO audit of four government agencies’ compliance with privacy laws and directives.
Demand for Assurance, continued A survey by Harris Interactive, February 19, 2002 found that –most consumers do not trust business to handle their personal information properly –84% responded that independent verification of company privacy policies should be a requirement. Source:
Continuous or On-Demand Assurance? It probably doesn’t matter. The same infrastructure is required for both.
Research Plan and Background
Organizational, architectural, and system design changes are needed to support continuous assurance A method of marking up or tagging data elements that are subject to privacy policies Mapping of natural language text-based statutes and policies into rules implemented in a computer system Maybe a “black box” to document access and sharing of personal information and to record audit tests.
Mapping Policy to Rules It is common practice when developing KBS to first build an intermediate or conceptual model before building a symbolic level model. –Aids in verification and validation –Supports future maintenance –Aids in the reuse. Source: Visser, et al. 1997
Legal Ontology-Definitions An ontology is an explicit conceptualization of a domain (Gruber, 1992) A legal ontology is a conceptualization of laws or statutes, in general. A statute-specific ontology is the instantiation of a legal ontology for a specific statute.
Research Approach Identify the target statute Pick an ontology Separate control knowledge from domain knowledge Pass through the appropriate sections of the statute to identify the vocabulary, taxonomy, and typology needed to instantiate the ontology--this is an iterative process
Our Work in Progress: Develop a Statute Specific Ontology for the Gramm-Leach-Bliley Act Using the Van Kralingen Legal Ontology (1995)
Van Kralingen Ontology (1995) A frame-based ontology Norms Acts Concepts
Norms are the rules or standards with which an entity must comply. Generally, a norm is expressed by a statement that something “ought to,” “ought not to,” “may,” or may not be done.
Norm frame Identifier Norm type Source Range of applicability Conditions of applicability Persons subject to the norm Modality (ought, ought not, may, may not…) Act identifier
Acts are events or processes that cause changes in the state of the world. An event causes an immediate change. A process has duration, over which change occurs.
Act Frame Identifier Type Source of the description Agents involved in the act Means (objects used) Manner in which the act was performed Timing Location Circumstances Cause (reason to perform act) Aim Intent Final state that derives from the act
Concepts are used to determine the meaning of a notion. Concepts may be definitions or “deeming provisions.” (A deeming provision is a legal fiction, that is, a statement that under certain circumstances something that is not true will be deemed to be true. )
Concepts Concept name Concept type Priority or weight assigned to it Source of the concept description Range of applicability Conditions of applicability List of instances of the concept
Identifying Statute Specific Vocabulary (Bench-Capon and Coenen, 1992) Words denoting –actions –agents –objects Words indicating –time –place –source –legal modality Words assigning properties to other entities Words expressing relations Words marking textual constructions Words marking arithmetic operations
A Partial Example of the Instantiation of the Ontology
Gramm-Leach-Bliley Act 15 USC, Subchapter I, Sec Disclosure of Nonpublic Personal Information source: “(d) Limitations on the sharing of account number information for marketing purposes A financial institution shall not disclose, other than to a consumer reporting agency, an account number or similar form of access number or access code for a credit card account, deposit account, or transaction account of a consumer to any nonaffiliated third party for use in telemarketing, direct mail marketing, or other marketing through electronic mail to the consumer.”
Concepts (definitions) Financial institution (Agent) Third party (Agent) (Affiliated, Nonaffiliated,Consumer reporting agency,…) Financial account (Object) (credit card, deposit account, transaction account) Account Identifier (Object) (account number, access code, access number,…) Marketing (Cause) (telemarketing, direct mail marketing, marketing,…)
Act Act Identifier: Share account number information for marketing purposes Agents: Financial institutions subject to GLBA Act: Agent discloses account identifier to third party Cause: Marketing
Norm Subject: Financial Institutions subject to GLBA Conditions: Third party is non-affiliated and not a consumer credit agency Legal Modality: Shall not Act: Share account number information for marketing purposes
Control Knowledge The need to select an action to resolve a conflict is called the control problem (Hayes-Roth, 1988) Strategies for selecting the action to resolve a conflict is called solving the control problem Knowledge used to solve the control problem is called control knowledge
GLBA Control Problem The GLBA control problem arises because there are rules and exceptions to them. Solved by the legal principle: Lex Specialis Derogat Legi Generali (the conclusion of the exception should be preferred over the conclusion of the general rule)
Future Research Comparison of statute specific ontologies for other privacy statutes and policies Implementation issues--including resolution of control problems Tagging of data elements Explore the “black box” concept Temporal reasoning Exploring the efficacy of using ontologies to help draft policy statements