Visualization for privacy compliance
Author(s) - George Yee
Publication year - 2006
Publication title - National Research Council Canada (Government of Canada)
Language(s) - English
Resource type - Conference proceedings
ISBN - 1-59593-549-5
DOI - 10.1145/1179576.1179599
Subject(s) - internet privacy, privacy policy, legislation, privacy by design, information privacy, computer science, computer security, service provider, privacy law, government (linguistics), private information retrieval, business, notation, information flow, service (business), marketing, law, linguistics, philosophy, arithmetic, mathematics, political science
The growth of the Internet has been accompanied by the growth of e-services (e.g. e-commerce, e-health). This proliferation of e-services has put large quantities of consumer private information in the hands of the service providers, who in many cases have mishandled the information, either intentionally or unintentionally, to the detriment of consumer privacy. As a result, government bodies have put in place privacy legislation that spells out a consumer's privacy rights and how consumer private information is to be handled. Providers are required to comply with such privacy legislation. This paper proposes visualization as a tool that can be used by security or privacy analysts to understand how private information flows within and between provider organizations, as a way of identifying vulnerabilities that can lead to non-compliance. A model of private information flow and a graphical notation for visualizing this flow are proposed. An application example of using the notation to identify privacy vulnerabilities is given.