Dealing with Privacy Obligations in Enterprises

This paper focuses on the problem of dealing with privacy obligations in enterprises. Privacy obligations dictate expected behaviours, tasks and constraints that must be satisfied when handling personal and confidential data. This includes being compliant with data retention policies and satisfying constraints dictated by customers’ opt-in and opt-out choices.

[1]  Günter Karjoth,et al.  A privacy policy model for enterprises , 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.

[2]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and CRL Profile , 1999, RFC.

[3]  Pradeep K. Khosla,et al.  Survivable Information Storage Systems , 2000, Computer.

[4]  Michael Waidner,et al.  Privacy-enabled services for enterprises , 2002, Proceedings. 13th International Workshop on Database and Expert Systems Applications.

[5]  Ramakrishnan Srikant,et al.  Hippocratic Databases , 2002, VLDB.

[6]  R. Anderson The Eternity Service , 1996 .

[7]  Nancy R. Mead,et al.  Survivability: Protecting Your Critical Systems , 1999, IEEE Internet Comput..

[8]  Sushil Jajodia,et al.  Provisions and Obligations in Policy Management and Security Applications , 2002, VLDB.

[9]  Ben Y. Zhao,et al.  OceanStore: an architecture for global-scale persistent storage , 2000, SIGP.

[10]  Siani Pearson,et al.  Towards Accountable Management of Privacy and Identity Information , 2003, ESORICS.

[11]  Marco Casassa Mont,et al.  Dealing with Privacy Obligations: Important Aspects and Technical Approaches , 2004, TrustBus.

[12]  Michael Waidner,et al.  Platform for Enterprise Privacy Practices: Privacy-Enabled Management of Customer Data , 2002, Privacy Enhancing Technologies.

[13]  Emil C. Lupu,et al.  The Ponder Policy Specification Language , 2001, POLICY.

[14]  Peter G. Neumann,et al.  Practical Architectures for Survivable Systems and Networks , 1999 .

[15]  Sushil Jajodia,et al.  Obligation monitoring in policy management , 2002, Proceedings Third International Workshop on Policies for Distributed Systems and Networks.