An approach to GDPR based on object role modeling
The General Data Protection Regulation 2016/679 (GDPR) is a set of legal rules to attain the privacy of people in the handling of their personal data and the movement of such data across countries. When those rules are considered in the operation of information systems, the system becomes eligible for legal approval within that scope. This paper presents a model we are developing to help enterprises align their information system with the GDPR requirements. The model shall serve the purpose of analyzing the enterprises in what concerns the use of the subject's personal data, allowing them to capture and improve the data protection capabilities placed in the GDPR. The main issue of our approach is to set a baseline to define the requirements for establishing, implementing, maintaining and continually improving a data protection management system in organizations.
NLP-based Automated Compliance Checking of Data Processing Agreements against GDPR
Processing personal data is regulated in Europe by the General Data Protection Regulation (GDPR) through data processing agreements (DPAs). Checking the compliance of DPAs contributes to the compliance verification of software systems as DPAs are an important source of requirements for software development involving the processing of personal data. However, manually checking whether a given DPA complies with GDPR is challenging as it requires significant time and effort for understanding and identifying DPA-relevant compliance requirements in GDPR and then verifying these requirements in the DPA. In this paper, we propose an automated solution to check the compliance of a given DPA against GDPR. In close interaction with legal experts, we first built two artifacts: (i) the "shall" requirements extracted from the GDPR provisions relevant to DPA compliance and (ii) a glossary table defining the legal concepts in the requirements. Then, we developed an automated solution that leverages natural language processing (NLP) technologies to check the compliance of a given DPA against these "shall" requirements. Specifically, our approach automatically generates phrasal-level representations for the textual content of the DPA and compares them against predefined representations of the "shall" requirements. Over a dataset of 30 actual DPAs, the approach correctly finds 618 out of 750 genuine violations while raising 76 false violations, and further correctly identifies 524 satisfied requirements. The approach has thus an average precision of 89.1%, a recall of 82.4%, and an accuracy of 84.6%. Compared to a baseline that relies on off-the-shelf NLP tools, our approach provides an average accuracy gain of ~20 percentage points. The accuracy of our approach can be improved to ~94% with limited manual verification effort.
Comment: 24 pages, 5 figures, 10 tables, 1 Algorithm, TS
The Intuitive Appeal of Explainable Machines
Algorithmic decision-making has become synonymous with inexplicable decision-making, but what makes algorithms so difficult to explain? This Article examines what sets machine learning apart from other ways of developing rules for decision-making and the problem these properties pose for explanation. We show that machine learning models can be both inscrutable and nonintuitive and that these are related, but distinct, properties. Calls for explanation have treated these problems as one and the same, but disentangling the two reveals that they demand very different responses. Dealing with inscrutability requires providing a sensible description of the rules; addressing nonintuitiveness requires providing a satisfying explanation for why the rules are what they are. Existing laws like the Fair Credit Reporting Act (FCRA), the Equal Credit Opportunity Act (ECOA), and the General Data Protection Regulation (GDPR), as well as techniques within machine learning, are focused almost entirely on the problem of inscrutability. While such techniques could allow a machine learning system to comply with existing law, doing so may not help if the goal is to assess whether the basis for decision-making is normatively defensible. In most cases, intuition serves as the unacknowledged bridge between a descriptive account and a normative evaluation. But because machine learning is often valued for its ability to uncover statistical relationships that defy intuition, relying on intuition is not a satisfying approach. This Article thus argues for other mechanisms for normative evaluation. To know why the rules are what they are, one must seek explanations of the process behind a model's development, not just explanations of the model itself.
Security governance as a service on the cloud
Small companies need help to detect and to respond to increasing security-related threats. This paper presents a cloud service that automates processes that check for such threats, implement mitigating procedures, and generally instruct client companies on the steps to take. For instance, a process that automates the search for leaked credentials on the Dark Web will, in the event of a leak, trigger processes that instruct the client on how to change passwords and perhaps a micro-learning process on credential management. The security governance service runs on the cloud as it needs to be managed by a security expert and because it should run on an infrastructure separated from clients. It also runs as a cloud service for economy of scale: the processes it runs can service many clients simultaneously, since many threats are common to all. We also examine how the service may be used to prove to independent auditors (e.g., cyber-insurance agents) that a company is taking the necessary steps to implement its security obligations.
The Need for Compliance Verification in Collaborative Business Processes
Compliance constrains processes to adhere to rules, standards, laws and regulations. Non-compliance subjects enterprises to litigation and financial fines. Collaborative business processes cross organizational and regional borders, implying that internal and cross-regional regulations must be complied with. To protect customers' data, European enterprises must comply with the EU data privacy regulation (General Data Protection Regulation - GDPR) and each member state's data protection laws. An example of non-compliance with GDPR is Facebook, which is accused of breaching subscriber trust. Compliance verification is thus essential to deploy and implement collaborative business process systems. It ensures that processes are checked for conformance to compliance requirements throughout their life cycle. In this paper we take a proactive approach aiming to discuss the need for design-time preventative compliance verification as opposed to an after-the-fact runtime detective approach. We use a real-world case to show how compliance needs to be analyzed and show the benefits of applying compliance checks at the process design stage.