Semi-Automated Derivation of Personal Privacy Policies
Dr. George Yee (NRC)
ABSTRACT
Growth of the Internet has been accompanied by growth of Internet e-services
(e.g. e-commerce, e-health). This proliferation of e-services has in turn
fueled the need to protect the personal privacy of e-service users. In past
work, my co-author and I have advocated a policy management and negotiation
approach to protecting personal privacy. However, it is evident that the
specification of a personal privacy policy must be as easy as possible for
the consumer.
In this talk, I will define the content of personal privacy policies using
privacy principles that have been enacted into legislation. I will then
present two semi-automated approaches for the derivation of personal privacy
policies. The first approach makes use of common privacy rules obtained
through community consensus. This consensus can be obtained from research
and/or surveys. The second approach makes use of existing privacy policies
in a peer-to-peer community.
BIOGRAPHY
Dr. George Yee is a senior researcher in the Information Security Group
(formerly Network Computing Group), Institute for Information Technology,
National Research Council Canada (NRC). Prior to joining the NRC in late
2001, he spent over 20 years at Bell-Northern Research and Nortel Networks.
George received his Ph.D (Electrical Engineering), M.Sc. (Systems and
Information Science), and B.Sc. (Mathematics) from Carleton University,
where he is now an Adjunct Professor. He is a senior member of IEEE, and
member of ACM and Professional Engineers Ontario. His research interests
include security and privacy for e-services, system reliability, and
system performance. WWW Site:
http://www.georgeyee.ca .