Privacy Rights Management: Implementation Scenarios
Larry Korba (National Research Council of Canada, Canada), Ronggong Song (National Research Council of Canada, Canada) and George Yee (National Research Council of Canada, Canada)
Copyright: © 2008
Managing privacy is important because organizations must meet legislative and organizational requirements. Some countries, such as the United States of America, have a patchwork of legislation, making it difficult to understand technical requirements. Other countries, such as Canada and the European Union, have well-established and understood privacy laws. As well, many different technologies that may be applied to provide compliance with those laws exist, but there are no established technological solutions suited for handling all of the challenging requirements expressed by privacy regulations. The question remains: how can a citizen’s privacy rights be managed or enforced? This article describes extensions to a privacy architecture that employs digital rights management technologies to manage individual data privacy. Several scenarios related to the management of personally identifiable information are described, illustrating how the system operates in support of the requirements expressed in the European Union privacy principles.