On Privacy-aware Information Lifecycle Management in Enterprises: Setting the Context

  • Marco Casassa Mont


This paper aims at setting the context for privacy-aware information lifecycle management within enterprises, i.e. the process of handling the lifecycle of personal and confidential information in a way that is compliant with privacy laws and people’s expectations (including data retention, deletion, notifications, data transformation, etc.). Despite the fact that enterprises are already using Information Lifecycle Management (ILM) and Identity Management (1DM) solutions to store and manage various types of data, in terms of “privacy-aware” lifecycle management of information much is still done by means of manual processes that are complex and hard to monitor. This is a green field, open to innovation. We argue that automation can be introduced to address this aspect by leveraging, among other things, existing enterprise ILM and 1DM solutions.

In this context, we investigate and analyse core privacy requirements and issues that need to be addressed by enterprises along with their implications and impact on existing ILM and 1DM solutions. The goal is to create awareness and suggest potential ways to move towards their automation and simplification. We provide an overview of research and work done by HP Labs to develop approaches and technologies that can help enterprises to implement and automate aspects of privacy-aware information lifecycle management.


Privacy Policy Identity Management Confidential Information Confidential Data Privacy Preference 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [BDJKO5]
    Beigi, M., Devarakonda, M., Jam, R., Kaplan, M., Pease, D., Rubas, J., Sharma, U., Verma, A.: Policy-based information lifecycle management in a large-scale file system. Policies for Distributed Systems and Networks, 2005, Sixth IEEE International Workshop on, 6-8 June 2005, 2005Google Scholar
  2. [CaBPO3]
    Casassa Mont, M. Bramhall, P., Pato, J.: On Adaptive Identity Management: The Next Generation of Identity Management Technologies. HP Labs Technical Report, HPL-2003-149, 2003Google Scholar
  3. [CasaO4a]
    Casassa Mont, M.: Dealing with Privacy Obligations in Enterprises. HP Labs Technical Report, HPL-2004-109, 2004Google Scholar
  4. [Casa04b]
    Casassa Mont, M.: Dealing with Privacy Obligations: Important Aspects and Technical Approaches. TrustBus 2004, 2004Google Scholar
  5. [CaTBO5]
    Casassa Mont, M., Thyne, R., Bramhall, P.: Privacy Enforcement with HP Select Access for Regulatory Compliance. HP Labs Technical Report, HPL-2005-10, 2005Google Scholar
  6. [CTCBO5]
    Casassa Mont, M., Thyne, R., Chan, K., Bramhall, P.: Extending HP Identity Management Solutions to Enforce Privacy Policies and Obligations for Regulatory Compliance by Enterprises. HP Labs Technical Report, HPL-2005-110, 2005Google Scholar
  7. [DeRoO4]
    De Clercq, J., Rouault, J.: An Introduction to Identity Management. HP Reports, http://devresource.hp.comldrc/resources/idmgtjntro/idmgt_intro.pdf, 2004
  8. [HPO5a]
    Hewlett-Packard (HP): HP OpenView Select Identity: Overview and Features. http://www.openview.hp.comiproducts/slctid/index.html, 2005
  9. [HPO5b]
    Hewlett-Packard (HP): RISS Software Development Kit. http://h18006.wwwl.hp.com/products/storageworks/riss/sdk.html, 2005
  10. [IBMO4a]
    IBM: The Enterprise Privacy Authorization Language (EPAL). EPAL 1.2 specification, http://www.zurich.ibm.com/security/enterprise-privacy/epall, 2004
  11. [IBMO4b]
    IBM Tivoli Privacy Manager: Privacy manager main web page, http://www306.ibm.comlsoftware/tivolilproducts/pnvacy-mgr-e-bus/, 2005
  12. [LaurO4]
    Laurant, C.: Privacy International: Privacy and Human Rights 2004: an International Survey of Privacy Laws and Developments. Electronic Privacy Information Center (EPIC), Privacy International, http://www.privacyinternational.org/survey/phr2004/, 2004
  13. [OECD8O]
    OECD: OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. http://www.oecd.org/publications/e-book/930201 1E.PDF, 1980
  14. [PRIMO6]
    PRIME Project: Privacy and Identity Management for Europe. European RTD Integrated Project under the FP6/IST Programme, http://www.prime-project.eul, 2006
  15. [PETRO6]
    Petrocelli, T.: Data Protection and Information Lifecycle Management. Prentice Hall, Chapter 8, 2006Google Scholar

Copyright information

© Friedr. Vieweg & Sohn Verlag | GWV-Fachverlage GmbH, Wiesbaden 2006

Authors and Affiliations

  • Marco Casassa Mont
    • 1
  1. 1.Hewlett-Packard LaboratoriesTrusted Systems LabBristolUK

Personalised recommendations