Information privacy

About: Information privacy is a research topic. Over the lifetime, 25412 publications have been published within this topic receiving 579611 citations. The topic is also known as: data privacy & data protection.

Towards a framework for tracking legal compliance in healthcare

Abstract: Hospitals strive to improve the quality of the healthcare they provide. To achieve this, they require access to health data. These data are sensitive since they contain personal information. Governments have legislation to ensure that privacy is respected and hospitals must comply with it. Unfortunately, most of the procedures meant to control access to health information remain paper-based, making it difficult to trace. In this paper, we introduce a framework based on the User Requirements Notation that models the business processes of a hospital and links them with legislation such as the Ontario Personal Health Information Privacy Act (PHIPA). We analyze different types of links, their functionality, and usefulness in complying with privacy law. This framework will help health information custodians track compliance and indicate how their business processes can be improved.

A comparison of two privacy policy languages: EPAL and XACML

Abstract: Current regulatory requirements in the U.S. and other countries make it increasingly important for Web Services to be able to enforce and verify their compliance with privacy policies. Structured policy languages can play a major role by supporting automated enforcement of policies and auditing of access decisions. This paper compares two policy languages that have been developed for use in expressing directly enforceable privacy policies -- the Enterprise Privacy Authorization Language (EPAL) and the OASIS Standard eXtensible Access Control Markup Language (XACML), together with its standard privacy profile.

For sale : your data: by : you

Abstract: Monetizing personal information is a key economic driver of online industry. End-users are becoming more concerned about their privacy, as evidenced by increased media attention. This paper proposes a mechanism called 'transactional' privacy that can be applied to personal information of users. Users decide what personal information about themselves is released and put on sale while receiving compensation for it. Aggregators purchase access to exploit this information when serving ads to a user. Truthfulness and efficiency, attained through an unlimited supply auction, ensure that the interests of all parties in this transaction are aligned. We demonstrate the effectiveness of transactional privacy for web-browsing using a large mobile trace from a major European capital. We integrate transactional privacy in a privacy-preserving system that curbs leakage of information. These mechanisms combine to form a market of personal information that can be managed by a trusted third party.