Avoiding Pitfalls in Policy-Based Privacy Management

View Sample PDF

Author(s): George O.M. Yee (NRC Institute for Information Technology, Canada)
Copyright: 2009
Pages: 19
Source title: Handbook of Research on Social and Organizational Liabilities in Information Security
Source Author(s)/Editor(s): Manish Gupta (State University of New York, USA)and Raj Sharman (State University of New York, USA)
DOI: 10.4018/978-1-60566-132-2.ch009

Keywords: Information Science Reference / Information Security & Privacy / IT Security and Ethics / Security & Forensics

Purchase

View Avoiding Pitfalls in Policy-Based Privacy Management on the publisher's website for pricing and purchasing information.

Abstract

The growth of the Internet is increasing the deployment of e-services in such areas as e-commerce, e-learning, and e-health. In parallel, the providers and consumers of such services are realizing the need for privacy. The use of P3P privacy policies on Web sites is an example of this growing concern for privacy. Managing privacy using privacy policies is a promising approach. In this approach, an e-service provider and an e-service consumer each have separate privacy policies. Before an e-service is engaged, the provider’s policy must be “compatible” with the consumer’s policy. However, beyond compatibility, the policies may face pitfalls arising from improper specification, misapplication, and improper maintenance (e.g. failing to keep a personal privacy policy up-to-date). This can result in the lost of privacy and even lead to serious safety issues in certain cases. This chapter gives examples of how such pitfalls can arise and suggests ways to avoid these pitfalls.

The IRMA Community

Research IRM

Avoiding Pitfalls in Policy-Based Privacy Management

Purchase

Abstract

Related Content

IRMA Sponsors