Mining rule semantics to understand legislative compliance
Source: Workshop On Privacy In The Electronic Society archive
Proceedings of the 2005 ACM workshop on Privacy in the electronic society
Alexandria, VA, USA
SESSION: Short papers
Pages: 51-54
Year of Publication: 2005
ISBN: 1-59593-228-3
Authors
Travis D. Breaux, North Carolina State University
Annie I. Antón, North Carolina State University
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM, New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 7,   Downloads (12 Months): 42,   Citation Count: 2
DOI: http://doi.acm.org/10.1145/1102199.1102210

ABSTRACT

Organizations in privacy-regulated industries (e.g. healthcare and financial institutions) face significant challenges when developing policies and systems that are properly aligned with relevant privacy legislation. We analyze privacy regulations derived from the Health Insurance Portability and Accountability Act (HIPAA) that affect information sharing practices and consumer privacy in healthcare systems. Our analysis shows specific natural language semantics that formally characterize rights, obligations, and the meaningful relationships between them required to build value into systems. Furthermore, we evaluate semantics for rules and constraints necessary to develop machine-enforceable policies that bridge between laws, policies, practices, and system requirements. We believe the results of our analysis will benefit legislators, regulators and policy and system developers by focusing their attention on natural language policy semantics that are implementable in software systems.



