Model-driven Approach for Privacy Management in Business Ecosystem

The protection of individuals with regard to the processing of personal data and the free movement of such data raises new challenges in terms of privacy management. Although this privacy management ought to be conducted in compliance with national and international regulation, we observe that, for now, no solution, model or method fully considers and integrates these new regulations. Therefore, in this paper, we first propose to tackle this problem through the definition of an expressive privacy metamodel which aims to represent and aggregate the concepts that are relevant to defining and dealing with privacy issues at an organizational level. Secondly, we discuss how this privacy metamodel may support and help in understanding the management of privacy in enterprises involved in interconnected societies, by integrating the privacy metamodel with the systemic business ecosystem.
