Aligning Privacy Values, Policies, Law and Software Requirements

Oct 12, 2005

Abstract

Effective solutions for privacy protection are of interest to industry, government and society at large, but the challenge is to satisfy the often-conflicting requirements of all these stakeholders. Legislation (such as HIPAA, COPPA and GLBA) that constrains privacy and security practices within systems and organizations present additional technical challenges. Enterprises need mechanisms to ensure that their systems are compliant with both the policies they articulate and law. Moreover, they need to understand how to specify, deploy, communicate and enforce privacy policies. Legislators and regulatory bodies need mechanisms to verify how privacy-related laws are actually enforced by enterprises in their software systems. Finally, end-users must be able to easily understand privacy policies and need effective, transparent and comprehensible online privacy-protection mechanisms.