Browse Prior Art Database

Statement-first Privacy Policy Authoring

IP.com Disclosure Number: IPCOM000129152D
Original Publication Date: 2005-Sep-29
Included in the Prior Art Database: 2005-Sep-29
Document File: 1 page(s) / 28K

Publishing Venue

IBM

Abstract

Statement-first privacy policy authoring bypasses the vocabulary definition and creation allowing a privacy policy author to directly create the statements that make up a privacy policy. The vocabulary is inferred from the statements themselves. Creating privacy policies using this technique allows a much closer mapping to the human-readable text, new statements can be created easier and quicker, and it allows for automatic natural language processing in the future.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 1

Statement-first Privacy Policy Authoring

Almost all of the world uses natural language human-readable privacy policies. IBM Tivoli Privacy Manager for e-business (TPM) is the first and only product to enforce these privacy policies for an enterprise. However, in order to enforce the privacy policies, these documents must first be converted to a machine-readable format.

Privacy policies are authored using a vocabulary that is unique to each policy. When a privacy policy is created with TPM, the vocabulary is created first and then the statements that define the privacy policy are created from the vocabulary. This process to author privacy policies was approved by the development team and Human Computer Interaction (HCI) yet it is proving to be counterintuitive.

Customers who use the interface have found it difficult author privacy policies. Human-readable policies are groups of natural language statements that describe the privacy policy of the enterprise. In order to convert these documents to machine-readable formats, the vocabulary of the privacy polices must first be analyzed, extracted, and then the statements created from the vocabulary. The person responsible for an enterprise's privacy policy is typically the CPO and they are not experienced in this type of process. Statement-first privacy policy authoring solves this problem.

The following privacy policy statement will be used as an example: "IBM will only use your address to ship you products purchased from the IBM webpage."

Currently, in order to create a machine-readable privacy policy, the vocabulary is first extracted from the statement. "IBM" is the Data User, "use" is the Action, "your address" is the Data Subject and...