Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP

HP.com home

Technical Reports


HP Labs

» Research
» News and events
» Technical reports
» About HP Labs
» Careers @ HP Labs
» Worldwide sites
» Downloads
Content starts here

Click here for full text: PDF

A Customizable Privacy Assurance System based on Active Feedback

Casassa Mont, Marco; Crane, Stephen


Keyword(s): privacy; assurance; reputation; feedback; obligation management; trust; identity management

Abstract: People are often required to disclose Personal Identifying Information (PII) in order to achieve their goals, e.g. when accessing services, obtaining information and goods, etc. Being able to say with absolute certainty that another party can be trusted to properly handle personal data with today's technology is probably unrealistic. Feedback solutions based on reputation mechanisms can address aspects of trust and assurance in relation to how personal data is managed by an enterprise. However they usually rely on subjective feedback which is based on empirical experiences, and typically they do not allow individuals to systematically track and manage their specific experience. In this paper we propose an approach that enables people to monitor the status of their personal data which they have previously shared with an enterprise, service provider or other organisation - under specific conditions previously negotiated - and actively gather information on how adequately the management of these data meets their personal expectations. Ongoing monitoring and notification, and the ability of the client to form a simple record of past interaction, provides the client with greater confidence and assurance in situations where they need to share personal sensitive information with organisations they would otherwise not be able to claim they trust. This feedback process is based on conditions that are specific to the process of sharing PII and provides the client with assurance that an enterprise is a) capable and b) actually fulfilling PII processing preferences that are agreed at the time the data is disclosed, and which ultimately enables the client to form an opinion about the service provided. We present the principles of our approach and architectural components that support a practical implementation. This is work in progress and the research is on-going, carried out in the context of PRIME.

15 Pages

Back to Index

»Technical Reports

» 2009
» 2008
» 2007
» 2006
» 2005
» 2004
» 2003
» 2002
» 2001
» 2000
» 1990 - 1999

Heritage Technical Reports

» Compaq & DEC Technical Reports
» Tandem Technical Reports
Printable version
Privacy statement Using this site means you accept its terms Feedback to HP Labs
© 2009 Hewlett-Packard Development Company, L.P.