
A Mechanism for Facilitating the Authoring, Review, and Enforcement of Privacy Policies

IP.com Disclosure Number: IPCOM000019968D
Original Publication Date: 2003-Oct-14
Included in the Prior Art Database: 2003-Oct-14
Document File: 4 page(s) / 98K

Publishing Venue



Providing the capabilities that organizations need to ensure their stated privacy policies are correctly enforced is difficult. Both constructing the rules that define and execute a privacy policy and presenting those rules for verification and tracking are complex challenges. This disclosure builds on Disclosure POU829929134, which has been assigned docket number POU920030020 (and which defines the use of a "Privacy Label Model" for privacy policy implementation on servers), by using contextual interaction methods within a graphical user interface (GUI). These methods let the privacy policy administrator first define the business context of the privacy policy and then create the policy within that context. Once the policy is created, the administrator can easily review its effects within the same business context. The ideas in this disclosure could greatly enhance the usability of a privacy implementation built on the Privacy Label Model and the ease with which policies created with such an implementation can be understood. Users of other tools that create and administer other types of privacy policies have often complained of the difficulty of understanding how to use the tool.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 26% of the total text.

Page 1 of 4


  Privacy policies must be created in the context of the business processes they apply to. In this approach, the contextual interaction method within the provided GUI allows the privacy policy administrator to first define that context by defining use scenarios for the domain in question. Within this context the administrator is then given graphical methods for creating purposes, privacy labels, data objects, data user roles, and actions (all defined below). Once these items are defined, the privacy policy administrator can assign roles to individual persons or computer agents. The GUI then provides methods for visualizing the flow of data objects through the system at different levels of abstraction. At a high level of abstraction, the administrator can review which data objects each user (subject) role has authority to act on within each scenario. If needed, the administrator can choose a lower level of abstraction to view the data accessible to each individual data user. This is accomplished as described below. Definitions of the terms used are given at the bottom of this section.

In order to give the privacy policy administrator a context for all of the elements that must be defined, the GUI provides a contextual interaction method that allows the administrator to define user scenarios. For each user scenario the system presents a GUI in which the administrator defines the data objects, the actions that can be performed on the data, the purpose or purposes for which each data object is collected and accessed, the actors (types of data user roles) that need to access the information, and the possible permission levels that data owners can grant for the data. These elements often apply to multiple user scenarios, so once an element is defined for one scenario it is available to all other scenarios as well. Once the basic elements of each scenario are defined, the GUI allows the administrator to create the privacy labels that need to be applied to the data objects and the data users of the user scenario. A privacy label consists of a purpose for performing an action on a piece of data together with one possible privacy value assigned by the data owner. A privacy label applied to a data object defines which label a type of data user must hold in order to perform the action defined by that label on that data object for that purpose. Conversely, applying a privacy label to a data user role allows users with that role to access any data object that carries the same label, for the purpose defined by the label and using the action specified by the label.
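The label-matching rule in the preceding paragraph, written out as an added example in Python (this code is not part of the disclosure and does not reproduce its implementation). A label is modelled as the triple (purpose, action, owner's privacy value); a role may act on an object only when the object carries a label for that purpose and action and the role holds the identical label. The clinic scenario, the label and role names, and the user-to-role assignments are all constructed assumptions; the two review functions correspond to the high-level (per role) and lower-level (per data user) views the disclosure describes.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple


@dataclass(frozen=True)
class PrivacyLabel:
    """A label pairs a purpose and an action with the privacy value the data
    owner granted for it (e.g. "opt_in" / "opt_out")."""
    purpose: str
    action: str
    owner_value: str


@dataclass(frozen=True)
class DataObject:
    name: str
    labels: FrozenSet[PrivacyLabel]   # labels a data user must hold to act on it


@dataclass(frozen=True)
class DataUserRole:
    name: str
    labels: FrozenSet[PrivacyLabel]   # labels granted to every holder of the role


@dataclass(frozen=True)
class Scenario:
    name: str
    objects: Tuple[DataObject, ...]
    roles: Tuple[DataUserRole, ...]


def role_may(role: DataUserRole, obj: DataObject, purpose: str, action: str) -> bool:
    """A role may perform `action` on `obj` for `purpose` only if the object carries
    a label for that (purpose, action) and the role holds the identical label, the
    owner's privacy value included.  An object whose owner opted out therefore never
    matches a role that was only granted the opt-in label."""
    return any(
        lbl.purpose == purpose and lbl.action == action and lbl in role.labels
        for lbl in obj.labels
    )


Grant = Tuple[str, str, str]   # (object name, purpose, action)


def scenario_review(scn: Scenario) -> Dict[str, Set[Grant]]:
    """High-level view: for every role in the scenario, the grants it can exercise."""
    return {
        role.name: {
            (obj.name, lbl.purpose, lbl.action)
            for obj in scn.objects
            for lbl in obj.labels
            if role_may(role, obj, lbl.purpose, lbl.action)
        }
        for role in scn.roles
    }


def user_review(scn: Scenario, assignments: Dict[str, Set[str]], user: str) -> Set[Grant]:
    """Lower-level view: what one named data user can do, through every role assigned to them."""
    by_role = scenario_review(scn)
    grants: Set[Grant] = set()
    for role_name in assignments.get(user, set()):
        grants |= by_role.get(role_name, set())
    return grants


# --- constructed sample data: a hypothetical clinic scenario, not from the disclosure ---
TREAT_READ = PrivacyLabel("treatment", "read", "opt_in")
TREAT_UPDATE = PrivacyLabel("treatment", "update", "opt_in")
MARKETING_READ_IN = PrivacyLabel("marketing", "read", "opt_in")
MARKETING_READ_OUT = PrivacyLabel("marketing", "read", "opt_out")

# Two patient records whose owners made different choices for the marketing purpose.
RECORD_A = DataObject("record_a", frozenset({TREAT_READ, TREAT_UPDATE, MARKETING_READ_IN}))
RECORD_B = DataObject("record_b", frozenset({TREAT_READ, TREAT_UPDATE, MARKETING_READ_OUT}))

NURSE = DataUserRole("nurse", frozenset({TREAT_READ, TREAT_UPDATE}))
MARKETER = DataUserRole("marketer", frozenset({MARKETING_READ_IN}))

CLINIC = Scenario("patient_visit", (RECORD_A, RECORD_B), (NURSE, MARKETER))
ASSIGNMENTS = {"alice": {"nurse"}, "bob": {"marketer"}, "carol": {"nurse", "marketer"}}

if __name__ == "__main__":
    for role_name, grants in scenario_review(CLINIC).items():
        print(role_name, sorted(grants))
    print("carol", sorted(user_review(CLINIC, ASSIGNMENTS, "carol")))
```

Because the owner's privacy value is part of the label itself, nobody can read `record_b` for marketing: its owner opted out, and no role was granted the opt-out label. That is the property the disclosure is after, a policy that is enforced by the same label structure the administrator reviews.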

Once an administrator has defined one or more scenarios, and within each of these scenarios has defined data objects, data user roles, possible permission levels, and privacy labels, the GUI assists the use...