On the Semantics of Purpose Requirements in Privacy Policies

Details On the Semantics of Purpose Requirements in Privacy Policies On the Semantics of Purpose Requirements in Privacy Policies

2011-02-21

arxiv.org/abs/1102.4326v1

Computer Science

Cryptography and Security

34 pages, 3 figures. Tech report, School of Computer Science, Carnegie Mellon University. Submitted to the 24th IEEE Computer

Scientific paper

Privacy policies often place requirements on the purposes for which a governed entity may use personal information. For example, regulations, such as HIPAA, require that hospital employees use medical information for only certain purposes, such as treatment. Thus, using formal or automated methods for enforcing privacy policies requires a semantics of purpose requirements to determine whether an action is for a purpose or not. We provide such a semantics using a formalism based on planning. We model planning using a modified version of Markov Decision Processes, which exclude redundant actions for a formal definition of redundant. We use the model to formalize when a sequence of actions is only for or not for a purpose. This semantics enables us to provide an algorithm for automating auditing, and to describe formally and compare rigorously previous enforcement methods.

Affiliated with

Also associated with

No associations

Rating

On the Semantics of Purpose Requirements in Privacy Policies does not yet have a rating. At this time, there are no reviews or comments for this scientific paper.

If you have personal experience with On the Semantics of Purpose Requirements in Privacy Policies, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and On the Semantics of Purpose Requirements in Privacy Policies will most certainly appreciate the feedback.

Rate now

Comments { 0 }

Profile ID: LFWR-SCP-O-557474