Privacy Promises, Access Control, and Privacy Management

Regulations and consumer backlash force man organizations to re-evaluate the wa they manage private data. Asa first step,the publish privac promises as text or P3P. These promises are not backed up by privacy technologythat enforces the promises throughout the enterprise. Privacy tools cover fractions of the problem while leaving themain challenge unanswered.This article describes a new approach towards enterprisewide enforcement of the privac promises. Its core is a newframework for managing collected personal data in a sensitive, trustworthy way. The framework enables enterprises toclear privacy promises, to collect and manage userpreferences and consent, and to enforce the privacy promisesthroughout the enterprise.This article shows how this new approach extends theditional view of access control to provide a more completecoverage of privacy management issues.