A Decision Support System for Privacy Compliance

A Decision Support System for Privacy Compliance

Siani Pearson (Cloud and Security Research Lab, HP Labs, UK) and Tomas Sander (Cloud and Security Research Lab, HP Labs, USA)
DOI: 10.4018/978-1-4666-0978-5.ch008
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Regulatory compliance in areas such as privacy has become a major challenge for organizations. In large organizations there can be hundreds or thousands of projects that involve personal information. Ensuring that all those projects properly take privacy considerations into account is a complex challenge for accountable privacy management. Accountable privacy management requires that an organization makes sure that all relevant projects are in compliance and that there is evidence and assurance that this actually is the case. To date, there has been no suitable automated, scalable support for accountable privacy management; it is such a tool that the authors describe in this chapter. Specifically, they describe a privacy risk assessment and compliance tool which they are developing and rolling out within a large, global company – called HP Privacy Advisor (HP PA) – and its generalisation and extension. The authors also bring out those security, privacy, risk, and trust-related aspects they have been researching related to this work in particular.
Chapter Preview
Top

Background

In this section we review the most relevant decision support technology as well as formalized approaches for expressing privacy and security policies.

The tool we have built is a type of expert system, as problem expertise is encoded in the data structures rather than the programs and the inference rules are authored by a domain expert. Techniques for building expert systems are well known. A key advantage of this approach is that it is easier for the expert to understand or modify statements relating to their expertise. We are able to use a relatively simple underlying representation, as it was not necessary to use confidences, or to schedule many rules that are eligible for execution at the same time through the use of a ‘conflict resolution’ strategy, as a one-step reasoning process sufficed. Issues with expert systems include:

Complete Chapter List

Search this Book:
Reset