Privacy Policies and Preferences
Privacy policies describe an enterprise’s data practices, what information is collected from individuals (subjects), what the information (objects) will be used for, whether the enterprise provides access to the information, who the recipients are of any result generated from the information, how long the information will be retained, and who will be informed in the event of a dispute. A subject releases his or her data to the custody of an enterprise while consenting to the set of purposes for which the data may be used. The subject can express his or her preferences in a set of preference rules to make decisions regarding the acceptability of privacy policies.
People have been concerned with privacy policies and preferences for more than 200 years. For example, the Hippocratic oath was written as a guideline of medical ethics for doctors in respect to a patient’s health condition, and states as follows: “Whatsoever things I see or hear concerning the...
- 1.Cheng VSY, Hung PCK. Health Insurance Portability and Accountability Act (HIPAA) compliant access control model for web services. Int J Health Inf Syst Inform. 2005;1(1):22–39.Google Scholar
- 3.Online Privacy Alliance. Effective enforcement of self regulation. Online: http://www.privacyalliance.org/resources/enforcement.shtml
- 4.Powers CS, Ashley P, Schunter M. Privacy promises, access control, and privacy management – enforcing privacy throughout an enterprise by extending access control. In: Proceedings of the 3rd International Symposium on Electronic Commerce; 2002. p. 13–21.Google Scholar