On Privacy-aware Information Lifecycle Management in Enterprises: Setting the Context
This paper aims at setting the context for privacy-aware information lifecycle management within enterprises, i.e. the process of handling the lifecycle of personal and confidential information in a way that is compliant with privacy laws and people’s expectations (including data retention, deletion, notifications, data transformation, etc.). Despite the fact that enterprises are already using Information Lifecycle Management (ILM) and Identity Management (1DM) solutions to store and manage various types of data, in terms of “privacy-aware” lifecycle management of information much is still done by means of manual processes that are complex and hard to monitor. This is a green field, open to innovation. We argue that automation can be introduced to address this aspect by leveraging, among other things, existing enterprise ILM and 1DM solutions.
In this context, we investigate and analyse core privacy requirements and issues that need to be addressed by enterprises along with their implications and impact on existing ILM and 1DM solutions. The goal is to create awareness and suggest potential ways to move towards their automation and simplification. We provide an overview of research and work done by HP Labs to develop approaches and technologies that can help enterprises to implement and automate aspects of privacy-aware information lifecycle management.
Unable to display preview. Download preview PDF.
- [BDJKO5]Beigi, M., Devarakonda, M., Jam, R., Kaplan, M., Pease, D., Rubas, J., Sharma, U., Verma, A.: Policy-based information lifecycle management in a large-scale file system. Policies for Distributed Systems and Networks, 2005, Sixth IEEE International Workshop on, 6-8 June 2005, 2005Google Scholar
- [CaBPO3]Casassa Mont, M. Bramhall, P., Pato, J.: On Adaptive Identity Management: The Next Generation of Identity Management Technologies. HP Labs Technical Report, HPL-2003-149, 2003Google Scholar
- [CasaO4a]Casassa Mont, M.: Dealing with Privacy Obligations in Enterprises. HP Labs Technical Report, HPL-2004-109, 2004Google Scholar
- [Casa04b]Casassa Mont, M.: Dealing with Privacy Obligations: Important Aspects and Technical Approaches. TrustBus 2004, 2004Google Scholar
- [CaTBO5]Casassa Mont, M., Thyne, R., Bramhall, P.: Privacy Enforcement with HP Select Access for Regulatory Compliance. HP Labs Technical Report, HPL-2005-10, 2005Google Scholar
- [CTCBO5]Casassa Mont, M., Thyne, R., Chan, K., Bramhall, P.: Extending HP Identity Management Solutions to Enforce Privacy Policies and Obligations for Regulatory Compliance by Enterprises. HP Labs Technical Report, HPL-2005-110, 2005Google Scholar
- [DeRoO4]De Clercq, J., Rouault, J.: An Introduction to Identity Management. HP Reports, http://devresource.hp.comldrc/resources/idmgtjntro/idmgt_intro.pdf, 2004
- [HPO5a]Hewlett-Packard (HP): HP OpenView Select Identity: Overview and Features. http://www.openview.hp.comiproducts/slctid/index.html, 2005
- [HPO5b]Hewlett-Packard (HP): RISS Software Development Kit. http://h18006.wwwl.hp.com/products/storageworks/riss/sdk.html, 2005
- [IBMO4a]IBM: The Enterprise Privacy Authorization Language (EPAL). EPAL 1.2 specification, http://www.zurich.ibm.com/security/enterprise-privacy/epall, 2004
- [IBMO4b]IBM Tivoli Privacy Manager: Privacy manager main web page, http://www306.ibm.comlsoftware/tivolilproducts/pnvacy-mgr-e-bus/, 2005
- [LaurO4]Laurant, C.: Privacy International: Privacy and Human Rights 2004: an International Survey of Privacy Laws and Developments. Electronic Privacy Information Center (EPIC), Privacy International, http://www.privacyinternational.org/survey/phr2004/, 2004
- [OECD8O]OECD: OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. http://www.oecd.org/publications/e-book/930201 1E.PDF, 1980
- [PRIMO6]PRIME Project: Privacy and Identity Management for Europe. European RTD Integrated Project under the FP6/IST Programme, http://www.prime-project.eul, 2006
- [PETRO6]Petrocelli, T.: Data Protection and Information Lifecycle Management. Prentice Hall, Chapter 8, 2006Google Scholar