In this paper we look at the complex area of a global outsourcing delivery model spanning different countries and/or organizations. In this setting, the privacy requirements of the various countries of data origin need to be honoured and taken into account throughout the data lifecycle. We review practical privacy management challenges arising in large, global organizations and discuss the technology needed to address them. As a first example, we describe the design of a privacy tool built and deployed to help an organization identify and manage privacy concerns in the context of Business Process Outsourcing (BPO). As a generalization of this technology, we present an automated solution for scalable, accountable privacy management.


Privacy management, business process outsourcing, accountability





Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Siani Pearson (1)
  • Tomas Sander (2)
  • Rajneesh Sharma (3)
  1. Systems Security Lab, HP Labs, Bristol, UK
  2. Systems Security Lab, HP Labs, Princeton, USA
  3. GBS BCP and Security Team, Bangalore, India
