|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
TSP Workshop
|
|
|
|
|
Title:
|
Detecting Privacy Infractions in Applications: A Framework and Methodology
|
|
|
|
|
Author(s):
|
Michael Smit, University of Alberta, Canada ; Kelly Lyons, University of Toronto, Canada; Michael McAllister, Dalhousie University; Jacob Slonim, Dalhousie University
|
|
|
|
|
Abstract:
|
We describe a framework and methodology for managing the privacy policy of an enterprise, including creation (based on factors like privacy legislation and consumer preferences), validation and verification, deployment and enforcement, and compliance testing for business processes and software.
To evaluate this approach, one module of our framework (compliance testing) is implemented for an existing prominent electronic commerce software application. Our unique approach monitors the personal information sent and received by the software application and converts it to a standardized representation. At defined points in the electronic commerce workflow, the transmissions are compared to a set of privacy rules (extracted from a privacy policy) to ascertain compliance. Non-compliant transmissions of personal information are labeled `privacy infractions' and are addressed by stopping the workflow or by generating a report and alerting the administrator.
|
|
|
|
|
|
|
|
|
