Open AccessData provenance to audit compliance with privacy policy in the Internet of Things
Author(s) -
Thomas Pasquier,
Jatinder Singh,
Julia Powles,
David Eyers,
Margo Seltzer,
Jean Bacon
Publication year - 2017
Publication title -
personal and ubiquitous computing
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.416
H-Index - 88
eISSN - 1617-4917
pISSN - 1617-4909
DOI - 10.1007/s00779-017-1067-4
Subject(s) - audit , computer science , enforcement , privacy policy , computer security , information privacy , process (computing) , privacy by design , internet privacy , confidentiality , law enforcement , data protection act 1998 , the internet , world wide web , business , accounting , political science , law , operating system
Managing privacy in the IoT presents a significant challenge. We make the case that information obtained by auditing the flows of data can assist in demonstrating that the systems handling personal data satisfy regulatory and user requirements. Thus, components handling personal data should be audited to demonstrate that their actions comply with all such policies and requirements. A valuable side-effect of this approach is that such an auditing process will highlight areas where technical enforcement has been incompletely or incorrectly specified. There is a clear role for technical assistance in aligning privacy policy enforcement mechanisms with data protection regulations. The first step necessary in producing technology to accomplish this alignment is to gather evidence of data flows. We describe our work producing, representing and querying audit data and discuss outstanding challenges.
Accelerating Research
Robert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom
Address
John Eccles HouseRobert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom