4 research outputs found

    Towards defining semantic foundations for purpose-based privacy policies

    We define a semantic model for purpose, based on which purpose-based privacy policies can be meaningfully expressed and enforced in a business system. The model is based on the intuition that the purpose of an action is determined by its situation among other inter-related actions. Actions and their relationships can be modeled in the form of an action graph which is based on the business processes in a system. Accordingly, a modal logic and the corresponding model checking algorithm are developed for formal expression of purpose-based policies and verifying whether a particular system complies with them. It is also shown, through various examples, how various typical purpose-based policies as well as some new policy types can be expressed and checked using our model.

    Enhancing user privacy through data handling policies

    The protection of privacy is an increasing concern in today’s global infrastructure. One of the most important privacy protection principles states that personal information collected for one purpose may not be used for any other purpose without the specific informed consent of the person it concerns. Although users provide personal information for use in one specific context, they often have no idea how such personal information may be used subsequently. In this paper, we introduce a new type of privacy policy, called data handling policy, which defines how the personal information release will be (or should be) dealt with at the receiving party. A data handling policy allows users to define simple and appropriate levels of control over who sees what information about them and under which circumstances.

    Enhancing User Privacy Through Data Handling Policies

    Abstract. The protection of privacy is an increasing concern in today’s global infrastructure. One of the most important privacy protection principles states that personal information collected for one purpose may not be used for any other purpose without the specific informed consent of the person it concerns. Although users provide personal information for use in one specific context, they often have no idea how such personal information may be used subsequently. In this paper, we introduce a new type of privacy policy, called data handling policy, which defines how the personal information release will be (or should be) dealt with at the receiving party. A data handling policy allows users to define simple and appropriate levels of control over who sees what information about them and under which circumstances.