Semi-Automated Derivation of Personal Privacy Policies

Dr. George Yee (NRC)


ABSTRACT

Growth of the Internet has been accompanied by growth of Internet e-services (e.g. e-commerce, e-health). This proliferation of e-services has in turn fueled the need to protect the personal privacy of e-service users. In past work, my co-author and I have advocated a policy management and negotiation approach to protecting personal privacy. However, it is evident that the specification of a personal privacy policy must be as easy as possible for the consumer.

In this talk, I will define the content of personal privacy policies using privacy principles that have been enacted into legislation. I will then present two semi-automated approaches for the derivation of personal privacy policies. The first approach makes use of common privacy rules obtained through community consensus. This consensus can be obtained from research and/or surveys. The second approach makes use of existing privacy policies in a peer-to-peer community.

BIOGRAPHY

Dr. George Yee is a senior researcher in the Information Security Group (formerly Network Computing Group), Institute for Information Technology, National Research Council Canada (NRC). Prior to joining the NRC in late 2001, he spent over 20 years at Bell-Northern Research and Nortel Networks. George received his Ph.D (Electrical Engineering), M.Sc. (Systems and Information Science), and B.Sc. (Mathematics) from Carleton University, where he is now an Adjunct Professor. He is a senior member of IEEE, and member of ACM and Professional Engineers Ontario. His research interests include security and privacy for e-services, system reliability, and system performance. WWW Site: http://www.georgeyee.ca .