On Privacy and Compliance: Philosophy and Law meets Computer Science. Anupam Datta, Stanford University. Oakland PC Crystal Ball Workshop, January 2007.

Presentation transcript:

Privacy Research Space. What is privacy? PHILOSOPHY. Privacy Laws: LEGAL POLICY. System Model, Policy Specification, Check Compliance: COMPUTER SCIENCE.

Our Approach. What is privacy? CONTEXTUAL INTEGRITY [N04]. Privacy Laws: HIPAA, GLBA, COPPA. Model: Communicating Agents in Roles. Temporal Logic based Policy Specification. Check Compliance using generic model-checking and specialized algorithms.

Privacy Model
Alice Bob Charlie’s SSN is
Sender: Alice
Recipient: Bob
Subject of message: Charlie
Attribute: SSN
Transmission principles:
– Is this communication allowed?
– Can Bob share this information?
[Barth, Datta, Mitchell, Nissenbaum] Inspired by “Contextual Integrity” [Nissenbaum04]

GLBA Example
Financial institutions must notify consumers if they share their non-public personal information with non-affiliated companies, but the notification may occur either before or after the information sharing occurs
Labels: Sender role, Subject role, Attribute, Transmission principle, Recipient role

Policy language
::= send(p1, p2, m)   p1 sends p2 message m
| contains(m, q, t)   m contains attrib t about q
| inrole(p, r)   p is active in role r
| incontext(p, c)   p is active in context c
| t  t’   Attrib t is part of attrib t’
|    |  |  x: .   Classical operators
|  U  |  S  | O    Temporal operators
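A small audit of the GLBA norm from the slides over a finite trace of send events, as an added example that is not from the presentation or the paper. The agents, roles, the `notice` attribute, the attribute hierarchy and the closed/open trace distinction are assumptions made here, and the before-or-after condition is checked directly rather than with a temporal-logic model checker.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Send:                      # send(p1, p2, m) with contains(m, q, t)
    p1: str                      # sender
    p2: str                      # recipient
    q: str                       # subject the message is about
    t: str                       # attribute carried

# Constructed sample data: agents, roles and attribute hierarchy are made up.
ROLES = {"bank": "institution", "adco": "non-affiliate",
         "alice": "consumer", "bob": "consumer"}
PART_OF = {"ssn": "npi", "balance": "npi"}   # t is part of t'

def inrole(p, r):
    return ROLES.get(p) == r

def part_of(t, t2):
    while t is not None:         # walk up the attribute hierarchy
        if t == t2:
            return True
        t = PART_OF.get(t)
    return False

def is_share(e):
    return (inrole(e.p1, "institution") and inrole(e.p2, "non-affiliate")
            and inrole(e.q, "consumer") and part_of(e.t, "npi"))

def is_notice(e, q):
    return inrole(e.p1, "institution") and e.p2 == q and e.q == q and e.t == "notice"

def audit(trace, closed=True):
    """Map each share's index to "ok", "pending" or "violation": ok if a notice
    to its subject occurs anywhere in the trace (before or after), otherwise a
    violation on a closed trace and pending on one that may still grow."""
    verdicts = {}
    for i, e in enumerate(trace):
        if is_share(e):
            noticed = any(is_notice(n, e.q) for n in trace)
            verdicts[i] = "ok" if noticed else ("violation" if closed else "pending")
    return verdicts

TRACE = [                                      # constructed sample trace
    Send("bank", "adco", "alice", "ssn"),      # share first ...
    Send("bank", "alice", "alice", "notice"),  # ... notice afterwards: allowed
    Send("bank", "adco", "bob", "balance"),    # bob is never notified
    Send("bank", "adco", "bob", "zipcode"),    # not part of npi: norm not triggered
]
```

Calling `audit(TRACE, closed=False)` treats the log as still growing, so the share about bob is reported as an outstanding obligation instead of a violation.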

Related Languages
Model Sender Recipient Subject Attributes Past Future Combination
RBAC Role Identity
XACML Flexible o o
EPAL Fixed Role Fixed o
P3P Fixed Role Fixed o o
CI Role
• Legend: unsupported, o partially supported, full supported
• CI fully supports attributes, combination, temporal conditions

Publication
• A. Barth, A. Datta, J. C. Mitchell, H. Nissenbaum. Privacy and Contextual Integrity: Framework and Applications. Proceedings of 27th IEEE Symposium on Security and Privacy, pp , May
• Lots more to do!

Thanks! Questions?

Broad Goal
• Protect privacy
State and enforce restrictions on transmission and use of data
Using a formal policy language
• Examples: Systems enforcing
– HIPAA rule for medical privacy
– GLBA for financial transactions
– COPPA for children online privacy
– Other legal and enterprise privacy policies