Presentation is loading. Please wait.

Presentation is loading. Please wait.

Towards Scalable Management of Privacy Obligations in Enterprises

Published byJuliaan Driessen Modified over 5 years ago

Similar presentations

Presentation on theme: "Towards Scalable Management of Privacy Obligations in Enterprises"— Presentation transcript:

1 Towards Scalable Management of Privacy Obligations in Enterprises
Marco Casassa Mont Hewlett-Packard Labs

2 Presentation Outline Privacy Concepts and Background
Our Current Work on Obligation Management Scalability Problems and Open Issues Learnt Lessons Moving Towards Scalable Obligation Mgmt Conclusions

3 Presentation Outline Privacy Concepts and Background
Our Current Work on Obligation Management Scalability Problems and Open Issues Learnt Lessons Moving Towards Scalable Obligation Mgmt Conclusions

4 Privacy: An Important Aspect of Regulatory Compliance
(Example of Process) Regulations (incomplete list …) 10 April, 2019

5 Privacy: Impact on Users and Enterprises
Privacy Legislation (EU Laws, HIPAA, COPPA, SOX, GLB, Safe Harbour, …) Customers’ Expectations Internal Guidelines Personal Data Applications & Services PEOPLE ENTERPRISE Regulatory Compliance Customers’ Satisfaction Positive Impact on Reputation, Brand, Customer Retention 10 April, 2019

6 Privacy Obligations Privacy Policies
Privacy Obligations are Policies that describe Duties and Expectations on how PII Data Should be Managed in Enterprises They dictate “Privacy-aware Information Lifecycle Management” They can be defined by Privacy Laws, Data Subjects’ Preferences and Enterprise Guidelines Privacy Policies Limited Retention Limited Disclosure Limited Use Limited Collection Consent Purpose Specif. Privacy Rights Permissions Obligations 10 April, 2019

7 Presentation Outline Privacy Concepts and Background
Our Current Work on Obligation Management Scalability Problems and Open Issues Learnt Lessons Moving Towards Scalable Obligation Mgmt Conclusions

8 Privacy Obligations: A Complex Topic …
Short-term Long-term Duration One-time Ongoing Enforcement Constraints dictated by Obligations: Notice Requirements Enforcement of opt-in/opt-out options Limits on reuse of Information and Information Sharing Data Retention limitations … “Delete Data XYZ after 7 years” “Notify User via 1 If his Data is Accessed” Types Transactional Data Retention & Handling Other Event-driven Obligations Context Dependent on Access Control Independent from Access Data Subject Setting Enterprise “How Represent Privacy Obligations? How to Stick them to Personal Data? How to Manage, Enforce and Monitor them? How to Integrate them into current IDM solutions?” 10 April, 2019

9 Privacy Obligations: Common Aspects
Timeframe (period of validity) of obligations Target of an obligation (PII data) Events/Contexts that trigger the need to fulfil obligations Actions/Tasks/Workflows to be Enforced Responsible for enforcing obligations Exceptions and special cases 10 April, 2019

10 Technical Work in this Space
- P3P (W3C): - Definition of User’s Privacy Expectations - Explicit Declaration of Enterprise Promises - No Definition of Mechanisms for their Enforcement Data Retention Solutions, Document Management Systems, Ad-hoc Solutions for Vertical Markets - Limited in terms of expressiveness and functionalities. - Focusing more on documents/files not personal data - IBM Enterprise Privacy Architecture, EPAL, XACML … - No Refined Model of Privacy Obligations - Privacy Obligations Subordinated to AC. Incorrect … 10 April, 2019

11 Our Approach in EU PRIME Project
Privacy Obligations are “First-Class entities”: No Subordination to Access Control/Authorization View  Explicit Representation, Management and Enforcement of Privacy Obligations Allow Data Subjects to Express their Privacy Preferences that are Mapped into Enterprises’ Obligations Provide a Solution to Enterprises to Automate the Management 10 April, 2019

12 Obligation Management System (OMS): Model
Framework Obligations Scheduling Enforcement Monitoring Privacy Obligations Privacy Preferences Data Subjects Administrators Personal Data (PII) ENTERPRISE 10 April, 2019

13 Privacy Obligations: Modelling and Representation
Targeted Personal Data References to stored PII data e.g. Database query, LDAP reference, Files, etc. Privacy Obligation Obligation Identifier Triggering Events One or more Events that trigger different Actions e.g. Event: Time-based events Access-based Context-based On-Going Events Actions: Delete, Notify, … Actions Additional Metadata (Future Extensions) 10 April, 2019

14 Simple Example of Privacy Obligation
Explicit Reference to a Piece of Customer Data (Target) Time-based triggering Event Prescribed Actions Involving Notification of Customer and data Deletion 10 April, 2019

15 Setting Privacy Obligations
OMS: High Level System Architecture Enforcing Privacy Obligations Applications and Services Data Subjects Privacy-enabled Portal Admins Monitoring Privacy Obligations Setting Privacy Obligations On Personal Data Obligation Monitoring Service Events Handler Monitoring Task Handler Admins Obligation Server Workflows Obligation Scheduler Obligation Enforcer Information Tracker Action Adaptors ENTERPRISE Audit Server Data Ref. Obligation Obligation Store & Versioning Confidential Data 10 April, 2019

16 Presentation Outline Privacy Concepts and Background
Our Current Work on Obligation Management Scalability Problems and Open Issues Learnt Lessons Moving Towards Scalable Obligation Mgmt Conclusions

17 Current Model: Association of Privacy Obligations to Personal Data
+ Privacy Obligations Obligations Privacy Preferences (Deletion, Notification, etc.) are Embedded within Obligations Association of Privacy To PII Data 1:1 Association Privacy Obligations Obligation Management System Personal Data Data Subjects (Users) Personal Data Enterprise Data Repositories ENTERPRISE 10 April, 2019

18 Example of Embedded Preferences/Refs
Explicit Reference to a Piece of Customer Data Time-based triggering Event Prescribed Actions Involving Notification of Customer and data Deletion 10 April, 2019

19 Current Approach: Pros and Cons
Provides Flexible, Fine-grained Mechanism to End-Users to Express their Privacy Preferences Supports Mechanism to Automatically Turn Privacy Preferences into Obligations Supports Customisation of Obligations (Events/Actions) as long as supported by the OMS Cons (Linear) Growth of Number of Managed Obligations depending on Size of Data High Demand on Management and Monitoring Resources Administrative and GUI Usability Issues in case of Large Amounts of PII data and Associated Obligations 10 April, 2019

20 Open Issues Scalability Problem when Handling Large Amounts of PII Data (>100K) and Related Privacy Preferences: Too many (Similar) Obligations to be Handled Too many (Computational) Resources might be Required by OMS Difficult to Administer Large Number of Obligations (not Scalable) Need for Adequate Administrative Tools, inclusive of Admin GUI Capabilities (Importance of HCI Aspects …) 10 April, 2019

21 Open Issues: Current Administrative Tools
10 April, 2019

22 Presentation Outline Privacy Concepts and Background
Our Current Work on Obligation Management Scalability Problems and Open Issues Learnt Lessons Moving Towards Scalable Obligation Mgmt Conclusions

23 Learning Contexts PRIME: Integration of OMS Component in PRIME Integrated Prototype (IPV1) HP: Integration of OMS with HP OpenView Select Identity to enable Privacy-aware Information Lifecycle Mgmt during Identity Provisioning 10 April, 2019

24 Learnt Lessons [1/3] It is not feasible for the Enterprise to allow Users to Define any Arbitrary Combinations of Privacy Preferences and Constraints Specifications – even within the Types of Obligations that an Enterprise can potentially Support: Involved Costs and Complexity Usability Aspects for End-Users (e.g. Policy Authoring) Not all the Potential Combinations of Constraints make Sense … 10 April, 2019

25 Learnt Lessons [2/3] End-Users are actually NOT so Interested in Dealing with the Authoring of Obligations and/or Coping with Related Complexity: Need for Simple and Intuitive Visual Approaches to Capture Relevant Privacy Preferences (Source: Karlstad University – OMS GUI Trial) Little Efforts should be Required: Just Express Preferences… Lack of Users’ Knowledge in Privacy Matters 10 April, 2019

26 Learnt Lessons [3/3] Enterprise Administrators Need Effective Admin Tools to Manage and Monitor Obligations: Intuitive Administrative Tools and GUIs Easy Ways to Retrieve Obligations Easy Ways to Handle the Lifecycle of Obligations 10 April, 2019

27 Approach Followed in PRIME [1/2]
It is Preferable to Provide Users with a “List” of Predefined Types of Privacy Obligations supported by the Enterprise Each Obligation Type has a Predefined Structure (e.g. set of Events and Actions)  “Obligation Template” Each Obligation Type explicitly describes which Privacy Preferences need to be Specified by the End-User End-Users see a “Natural Language” Description of these Obligations. They only need to Provide the related Privacy Preferences via Simplified GUIs 10 April, 2019

28 Actual Approach Followed in PRIME [2/2]
Obligation Templates (Types) Obligation Template (Type): Defines Obligation Structure Defines Types of Privacy Prefs Attempt to Access Service Request to Disclose PII Data & List of Relevant Obligation Templates Privacy Admins Req. PII Data + Privacy Prefs. User PRIME GUI Disclose PII + Privacy Prefs. Push Instantiated Obligation Templates (i.e. with Privacy Prefs) Obligation Management System PRIME Toolbox ENTERPRISE 10 April, 2019

29 Example of Obligation Template
Deletion Preference: Specified by User User Id References: Automatically Filled In by OMS 10 April, 2019

30 Some Important Observations
Obligation Templates Do Not Solve the Scalability Problem: For each piece of PII Data  one or more Obligations still Need to be Generated and Associated However: All Obligations generated by an Obligation Template are Structurally Identical (Same Set of Events/Actions) They only differ because of Embedded Privacy Preferences and/or Embedded PII References 10 April, 2019

31 Towards A More Scalable Management of Privacy Obligations
Why not Managing Obligations in a way that is Parametric to Privacy Preferences and References? Why not “solving” these References at the Enforcement/Monitoring Time?  Concept of Parametric Privacy Obligations … 10 April, 2019

32 Presentation Outline Privacy Concepts and Background
Our Current Work on Obligation Management Scalability Problems and Open Issues Learnt Lessons Moving Towards Scalable Obligation Mgmt Conclusions

33 Parametric Privacy Obligations
Parametric Obligation: contains a Parametric Definition of Obligation’s Target, Events, Actions Its Structure is still based on Predefined Obligation Templates However, once Instantiated, it contains References to Personal Data and Privacy Preferences Privacy Preferences are Not Embedded Anymore within Parametric Obligations but they are Stored in a Separated Repository (controlled by OMS) References are Resolved by OMS at Runtime 10 April, 2019

34 (Deletion, Notification,etc.)
New Model based on Parametric Obligations [1/2] Personal Data + Privacy Preferences Parametric Obligation1 Privacy Obligations Derived From Templates Obligation2 Privacy Preferences Obligation Management System Personal Data Data Subjects (Users) N:1 Association Privacy Prefs. Personal Data Privacy Preferences (Deletion, Notification,etc.) Enterprise Data Repositories ENTERPRISE 10 April, 2019

35 New Model based on Parametric Obligations [2/2]
Each Parametric Obligations Can be Associated to a Large Set of PII Data (Target) Drastic Reduction of Number of Explicit Instances of (Similar) Obligations Easier Administrative Management of Obligations OMS still has to Keep Track of Fine Grained Operational Information about the Management of “Obligations” for each Piece of PII Data: Status of Events Status of Enforced Actions More Complexity in Obligation Definition (Target) … 10 April, 2019

36 Hybrid Obligation Management Model
Deal with both: “Traditional” Obligations Parametric Obligations Hybrid Model to Address: Flexibility in Specifying ad-hoc Obligations Minimise, if Required, Redundancy of Managed Obligations – in case of Large Number of PII Data Give a Choice on which Type of Obligations to Use Ensure that the Required Level of Scalability, Flexibility and Customisation can be Provided Parametric Obligations Traditional Obligations 10 April, 2019

37 Discussion The Proposed Model does not Limit the Control that Users can have in Specifying Privacy Preferences The Number of “Similar” Obligations Managed by the OMS is Reduced. Less Computational Resources. More Scalability in Managing Obligations. R&D Work still needs to be Done to Provide a more Suitable Admin GUI and related Tools to Administrators Full Implementation is Required to Analyse Results and Compare against Current OMS System … This is Work in Progress … 10 April, 2019

38 Current Status and Next Steps
We are Extending the Current OMS System to Handle also Parametric Obligations (i.e. Hybrid Model) First Fully Working Prototype to be Completed in 2-3 months: Scalability and Performance will be Analysed and Results Published Next Steps - Continue our Research in the Context of PRIME and HPL Projects: Further Refine the Hybrid/Parametric Model Explore the Management Lifecycle of Parametric Obligations Build more Advanced Admin GUIs and Related Tools 10 April, 2019

39 Presentation Outline Privacy Concepts and Background
Our Current Work on Obligation Management Scalability Problems and Open Issues Learnt Lessons Moving Towards Scalable Obligation Mgmt Conclusions

40 Conclusions Privacy Management is Important for Enterprises
Focus on Providing Tools to Handle Privacy Obligations First Implementation of Obligation Management System in PRIME and HPL as a Proof-of-Concept: Scalability Issues … Important Requirement: Handle Obligations on Large set of PII Data (>100k) Learnt Lessons: Avoid Defining Redundant Obligations & Simplicity Moving Towards Parametric Privacy Obligations Possibility to Leverage an Hybrid Model Working Prototype based on this Model will be Available soon for Tests and Comparative Analysis … R&D Work in Progress … 10 April, 2019

41 BACKUP Slides 10 April, 2019

42 the security and confidentiality of customer information”
Privacy Obligation Refinement: Abstract vs. Refined Obligations can be very abstract: “Every financial institution has an affirmative and continuing obligation to respect customer privacy and protect the security and confidentiality of customer information” Gramm-Leach-Bliley Act More refined Privacy Obligations dictate Duties, Expectations and Responsibilities on How to Handle Personal Data: Notice Requirements Enforcement of opt-in/opt-out options Limits on reuse of Information and Information Sharing Data Retention limitations … 10 April, 2019

43 Key Requirements Explicit Modeling and Representation of privacy obligations (Strong) Association of obligations to data Mapping obligations into enforceable actions Compliance of refined obligations to high-level policies Tracking the evolution of obligation policies Dealing with Long-term Obligation aspects Accountability management and auditing Monitoring obligations User involvement Handling Complexity and Cost of instrumenting Apps and Services 10 April, 2019

44 Potential Model Implementations [1/2]
Based on “General Purpose Approach” to Manage Parametric Obligation: General-purpose OMS Data Structure to Store Operational Information about Events Actions Pros: it works for all types of parametric obligations Cons: it might need to be extended for new types of parametric obligations it cannot be optimised for each type of parametric obligations 10 April, 2019

45 Potential Model Implementations [2/2]
Based on the Concept of “Obligation Blade”: Each Parametric Obligation comes in a “bundle” including also the definition of required OMS Data Structures to support that obligation Pros: it allows for further optimisation Cons: it introduced more complexity in the definition and administration of each type of parametric obligations 10 April, 2019

46

Download ppt "Towards Scalable Management of Privacy Obligations in Enterprises"

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Policy Enforcement in Enterprises.

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Policy Enforcement in Enterprises.
Basic guidelines for the creation of a DW Create corporate sponsors and plan thoroughly Determine a scalable architectural framework for the DW Identify.

Basic guidelines for the creation of a DW Create corporate sponsors and plan thoroughly Determine a scalable architectural framework for the DW Identify.
On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.

On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.
An Application-led Approach for Security-related Research in Ubicomp Philip Robinson TecO, Karlsruhe University 11 May 2005.

An Application-led Approach for Security-related Research in Ubicomp Philip Robinson TecO, Karlsruhe University 11 May 2005.
Chapter 1: The Database Environment

Chapter 1: The Database Environment
Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.

Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.
LEVERAGING THE ENTERPRISE INFORMATION ENVIRONMENT Louise Edmonds Senior Manager Information Management ACT Health.

LEVERAGING THE ENTERPRISE INFORMATION ENVIRONMENT Louise Edmonds Senior Manager Information Management ACT Health.
Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,

Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
Process-oriented System Automation Executable Process Modeling & Process Automation.

Process-oriented System Automation Executable Process Modeling & Process Automation.
Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 5: Security Controls.

Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 5: Security Controls.
Software Engineering Muhammad Fahad Khan

Software Engineering Muhammad Fahad Khan
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 18 Slide 1 Software Reuse.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 18 Slide 1 Software Reuse.
Web Policy Zeitgeist Panel SWPW 2005 – Galway, Ireland Piero Bonatti, November 7th, 2005.

Web Policy Zeitgeist Panel SWPW 2005 – Galway, Ireland Piero Bonatti, November 7th, 2005.
1 A pattern language for security models Eduardo B. Fernandez and Rouyi Pan Presented by Liping Cai 03/15/2006.

1 A pattern language for security models Eduardo B. Fernandez and Rouyi Pan Presented by Liping Cai 03/15/2006.
1 Introduction to Database Systems. 2 Database and Database System / A database is a shared collection of logically related data designed to meet the.

1 Introduction to Database Systems. 2 Database and Database System / A database is a shared collection of logically related data designed to meet the.
Session ID: Session Classification: Dr. Michael Willett OASIS and WillettWorks DSP-R35A General Interest OASIS Privacy Management Reference Model (PMRM)

Session ID: Session Classification: Dr. Michael Willett OASIS and WillettWorks DSP-R35A General Interest OASIS Privacy Management Reference Model (PMRM)
Delivering business value through Context Driven Content Management Karsten Fogh Ho-Lanng, CTO.

Delivering business value through Context Driven Content Management Karsten Fogh Ho-Lanng, CTO.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 7 Database Auditing Models.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 7 Database Auditing Models.

Similar presentations

Ads by Google