Tracking privacy compliance in B2B networks
Source: ACM International Conference Proceeding Series; Vol. 60
Proceedings of the 6th international conference on Electronic commerce
Delft, The Netherlands
SESSION: Innovation, management & strategy
Pages: 376 - 381
Year of Publication: 2004
ISBN: 1-58113-930-6
Authors
Liam Peyton  University of Ottawa, Ottawa, ON, Canada
Max Nozin  University of Ottawa, Ottawa, ON, Canada
Sponsor
ICEC : International Center for Electronic Commerce
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 2,   Downloads (12 Months): 22,   Citation Count: 4
DOI: http://doi.acm.org/10.1145/1052220.1052268
ABSTRACT

Governments are now enacting comprehensive legislation that regulates how organizations collect and protect sensitive data about individuals. Typically, such legislation has focused on the relationship between consumer and business to ensure proper consent is obtained, procedures exist to safeguard data, and the consumer has recourse to challenge the business. In practice, such legislation places the entire administrative burden of tracking compliance on both the consumer and the business. More significantly, the legislation does not adequately address the sharing of private information between businesses that cooperate in providing services to consumers. In this paper, we introduce the concept of an "information transfer registry" as a mechanism to track compliance in a business to business network that is complementary to existing legislation and technical standards. We show that the concept has the added benefit of reducing the administrative burden on consumers and businesses.

