Presentation is loading. Please wait.

Presentation is loading. Please wait.

Specifying Personal Privacy Policies to Avoid Unexpected Outcomes George Yee and Larry Korba {George.Yee, PST 2005 October 12-14, 2005.

Published byDorthy Horn Modified over 9 years ago

Similar presentations

Presentation on theme: "Specifying Personal Privacy Policies to Avoid Unexpected Outcomes George Yee and Larry Korba {George.Yee, PST 2005 October 12-14, 2005."— Presentation transcript:

1 Specifying Personal Privacy Policies to Avoid Unexpected Outcomes George Yee and Larry Korba {George.Yee, Larry.Korba}@nrc.ca PST 2005 October 12-14, 2005

2 Overview Introduction Privacy policies and e-services Unexpected outcomes Preventing unexpected outcomes Conclusions and future research

3 Introduction Drivers for personal privacy policies –Growth of the Internet greater consumer exposure to e-services growth of consumer awareness to lack of privacy –Privacy legislation greater consumer awareness of privacy rights Privacy policies on the Internet –Posted privacy policies –P3P privacy policies for web sites Browser plug-in allows checking of personal privacy preferences against web site’s policy “Privacy Bird”: check preferences, display policy in easy to understand language, customizable warnings

4 Privacy policies and e-services Consumer privacy policy Necessary content implied by privacy legislation (minimal policy) Simple so that it can be understood by the average e- service consumer Machine processable, e.g. using XML-based language such as APPEL Provider has its own policy Policy Use: E-learning Owner: Alice Consumer Proxy: No Valid: unlimited Collector: Any What: name, address, tel Purposes: identification Retention Time: unlimited Disclose-To: none Collector: Any What: Course Marks Purposes: Records Retention Time: 2 years Disclose-To: none { { { Header Privacy Rule

5 Privacy policies and e-services Privacy Management Model –Consumer & provider each have a privacy policy –Prior to engaging a service, privacy policies are exchanged between consumer and provider to see if they match –Provider requests private data according to it’s privacy policy –Consumer may resist any privacy reduction may only be willing to provide private data according to her preferences –A match between policies occurs if in the respective policies, Otherwise, there is a mismatch. privacy reduction allowed by consumer ≥ privacy reduction required by provider

6 Privacy policies and e-services Policy mechanics –A privacy policy is considered upgraded (downgraded) if the new version represents more (less) privacy than the prior version. –Where time is involved, a private item held for less time is considered more private*. *as long as it is thoroughly expunged!

7 Unexpected outcomes Interested in outcomes from the matching of privacy policies arising from: –How the match was obtained –Matching policy content Outcomes: How the matching was obtained: –A match may have been obtained through an upgrade/downgrade (during negotiation) Upgrade: provider required too much user privacy reduction; provider upgrades its policy (more privacy via less private data) Unexpected outcome: private data left out may lead to extra costs, e.g. leaving out credit card requirement leads to more costly means of payment

8 Unexpected outcomes Downgrade: mismatch due to consumer policy allowing too little privacy reduction so consumer downgrades her policy (less privacy) to give more private data to the provider More examples in paper… Unexpected outcome: extra private data leads to provider needing to put more costly data protection safeguards in place, e.g. highly sensitive health information

9 Preventing unexpected negative outcomes: Need “well-formed” policies Definition 1: Unexpected negative outcome The use/development of privacy policies such that a) the outcome is unexpected by both provider and consumer, and b) the outcome leads to either provider and/or consumer experiencing some loss, which could be private information, money, time, convenience, job, etc., including serious losses.

10 Preventing unexpected outcomes Definition 2: A well-formed (WF) privacy policy (for either consumer or provider) is one that does not lead to unexpected negative outcomes. Definition 3: A near well-formed (NWF) privacy policy is one in which the attributes valid, collector, retention time, and disclose-to have each been considered against all known misspecifications that can lead to unexpected negative outcomes. A NWF privacy policy is the best that we can achieve at this time –No guarantee unexpected negative outcomes will not occur –Reduces the probability that they will occur.

11 Preventing: Some Rules Rule for Valid: Time period must be >= longest retention time. (There is always a consumer privacy policy governing the consumer information.)

12 Preventing: Some Rules Rule for Collector: Availability of the individual to receive the information must be considered.

13 Preventing: Some Rules Rule for Retention Time: Consequences of the retention time expiration (provider destroys corresponding information) must be considered. –If the consequences do not lead to unexpected negative outcomes, proceed to specify the desired time. Otherwise, or if there is doubt, specify the length of time the service will be used.

14 Preventing: Some Rules Rule for Disclose-To: Consequences of successive propagation of your information starting with the first party mentioned in the Disclose-To must be considered. –If the consequences do not lead to unexpected negative outcomes, proceed with the specification of the Disclose-To party or parties. Otherwise, or if there is doubt, specify “none” or “name of receiving party, no further”.

15 Preventing unexpected outcomes: Approach Incorporate the above rules when specifying initial policy –Use an automatic or semi-automatic specification method (e.g. G. Yee and L. Korba, “Semi-Automated Derivation of Personal Privacy Policies”, Proceedings, The IRMA International Conference 2004 (IRMA 2004), New Orleans, May 23-26, 2004.) –Rules application may employ a combination of artificial intelligence and user/provider query/response techniques to appreciate consequences. –Apply rules during manual policy specification employing a tool for exploring possible consequences.

16 Preventing unexpected outcomes Use privacy policy negotiation where NWF policies from initial specification do not match: Avoid undoing NWF-ness from initial specification; upgrades and downgrades may inadvertently undo the NWF-ness. Take advantage of negotiation to expose a needed application of the above rules. Paper provides examples

17 Summary –Unexpected outcomes can arise from matching of privacy policies –Proposed an approach using near-well-formed policies to minimize unexpected negative outcomes Approach will work for other privacy policy formulations –Privacy policy formulations Must conform to privacy legislation Therefore they do not differ substantially our approach is a minimal policy that conforms.

18 Conclusions and future research Further research: –Explore further unexpected negative outcomes –Tools for consequences exploration –Other methods for avoiding or mitigating unexpected negative outcomes –Implement the proposed approach (extend current prototype) –Application in other areas: security risk analysis

19 Thank-you

20 Preventing unexpected outcomes Nursing Online (Provider)Alice (Consumer) OK if a nurse on our staff be told your medical condition? No, only Dr. Alexander Smith can be told my medical condition. We cannot provide you with any nursing service unless we know your medical condition. OK, I’ll see Dr. Smith instead. You are putting yourself at risk. What if you need emergency medical help for your condition and Dr. Smith is not available? You are right. Do you have any doctors on staff? Yes, we always have doctors on call. OK to allow them to know your medical condition? That is acceptable. I will modify my privacy policy to share my medical condition with your doctors on call. Example negotiation (read from left to right, top to bottom): Negotiation guides the application of the rule for collector, preventing the unexpected outcome that Alice will be left with no medical help.

Download ppt "Specifying Personal Privacy Policies to Avoid Unexpected Outcomes George Yee and Larry Korba {George.Yee, PST 2005 October 12-14, 2005."

Similar presentations

EXPERIENCES OF OTHER COUNTRIES IN REGULATION OF PAYMENT CARDS SYSTEM This section reviews the regulatory experiences of other countries with respect to.

EXPERIENCES OF OTHER COUNTRIES IN REGULATION OF PAYMENT CARDS SYSTEM This section reviews the regulatory experiences of other countries with respect to.
CHAPTER 25 Checking Accounts. CHAPTER 25 Checking Accounts.

CHAPTER 25 Checking Accounts. CHAPTER 25 Checking Accounts.
Presented by: Blue Green Systems. Inspiration Why people buy/sell online  Convenience  Better Prices  Variety  Fewer Expenses  Comparison of Prices.

Presented by: Blue Green Systems. Inspiration Why people buy/sell online  Convenience  Better Prices  Variety  Fewer Expenses  Comparison of Prices.
1 of 56 3.1: Multi-Currency Payments / DA0813 Last updated: 05-00 Project Walkthrough: Multi-Currency Payments Multi-Currency Payments.

1 of : Multi-Currency Payments / DA0813 Last updated: Project Walkthrough: Multi-Currency Payments Multi-Currency Payments.
 Email Management has become a multi-faceted complex task involving:  Storage Management  Content Management  Document Management  Quota Management.

 Management has become a multi-faceted complex task involving:  Storage Management  Content Management  Document Management  Quota Management.
Lock Out/Tag Out Training 2012. Lock-Out/Tag-Out OSHA Definition. Lockout/Tagout (LOTO) refers to specific practices and procedures to safeguard employees.

Lock Out/Tag Out Training Lock-Out/Tag-Out OSHA Definition. Lockout/Tagout (LOTO) refers to specific practices and procedures to safeguard employees.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
2012 National APSE Conference Lisa Mills, Consultant on Employment Systems Change and Medicaid Waiver Employment Services.

2012 National APSE Conference Lisa Mills, Consultant on Employment Systems Change and Medicaid Waiver Employment Services.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research

Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research
 Main Benefit: › The main benefit that is occurred by introducing a new system to work with or instead of the old system, is the forms of cost saving.

 Main Benefit: › The main benefit that is occurred by introducing a new system to work with or instead of the old system, is the forms of cost saving.
2010-2011 SANTA ROSA DISTRICT SCHOOLS E-Mail, Internet, and Social Media Acceptable Use and Risk Policy 1.

SANTA ROSA DISTRICT SCHOOLS , Internet, and Social Media Acceptable Use and Risk Policy 1.
1 Authentication Trustworthiness The Next Stage in Identity-Based Access and Security Tom Board, NUIT.

1 Authentication Trustworthiness The Next Stage in Identity-Based Access and Security Tom Board, NUIT.
HIPAA Security Standards What’s happening in your office?

HIPAA Security Standards What’s happening in your office?
Analysis of privacy risks and measurement of privacy protection in Web Services complying with privacy policy Prepared by Ashif Adnan, Omair Alam, Aktar-uz-zaman.

Analysis of privacy risks and measurement of privacy protection in Web Services complying with privacy policy Prepared by Ashif Adnan, Omair Alam, Aktar-uz-zaman.
PPA 503 – The Public Policy Making Process Lecture 7c – How to Ask for Action or Propose Policy on Behalf of a Group.

PPA 503 – The Public Policy Making Process Lecture 7c – How to Ask for Action or Propose Policy on Behalf of a Group.
Using Digital Credentials On The World-Wide Web M. Winslett.

Using Digital Credentials On The World-Wide Web M. Winslett.
Implementing P3P Using Database Technology Rakesh Agrawal Jerry Kiernan Ramakrishnan Srikant Yirong Xu Presented by Yajie Zhu 03/24/2005.

Implementing P3P Using Database Technology Rakesh Agrawal Jerry Kiernan Ramakrishnan Srikant Yirong Xu Presented by Yajie Zhu 03/24/2005.
1 of 6 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.

1 of 6 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
Chapter 10 Boundary Controls. Cryptographic Controls Cryptology is the science of secret codes Cryptography deals with systems for transforming data into.

Chapter 10 Boundary Controls. Cryptographic Controls Cryptology is the science of secret codes Cryptography deals with systems for transforming data into.

Similar presentations

Ads by Google