On the Management of Consent and Revocation in Enterprises: Setting the Context
Casassa Mont, Marco; Pearson, Siani; Kounga, Gina; Shen, Yun; Bramhall, Pete
Keyword(s): Privacy, Consent, Revocation, Consent and Revocation Management, Privacy Management, Identity Management, EnCoRe Project
Abstract: The aim of this paper is to set the context for the management of consent and revocation in enterprises, create awareness and so pave the way towards improved practices in this area. A number of international laws and regulations mandate (to some degree) that individuals should be enabled to express their consent for the usage of their data and subsequently be allowed to revoke it. Unfortunately, the practical implications and management of consent and revocation are not yet fully understood and are taken into account only on an ad hoc basis. The key aspects involved are: allowing individuals to retain some control over their personal data, and ensuring that consent and revocation can be enforced by data receivers. This paper addresses questions such as the following: What are the key requirements and practical implications of handling consent and revocation, for individuals and organisations (data receivers)? How can we enable people to effectively express their consent when disclosing their personal data and, subsequently, to revoke it? How could we enable organisations to manage and enforce consent and revocation? We focus on an enterprise scenario, as a significant example. We discuss requirements and open issues. We provide a reference model for the management of consent and revocation and illustrate some technologies that could be used to animate it. This is work in progress. Further research will be carried out in the context of the multi-disciplinary, collaborative EnCoRe project.
External Posting Date: March 6, 2009. Approved for External Publication
Internal Posting Date: March 6, 2009