Shayak Sen , Saikat Guha , Anupam Datta , Sriram K. Rajamani , Janice Tsai , and Jeannette M. Wing , presented a paper entitled Bootstrapping Privacy Compliance in Big Data Systems , at IEEE Symposium on Security and Privacy 2014, 19-21 May 2014 in San Jose, California, USA.
Here is the abstract:
With the rapid increase in cloud services collecting and using user data to offer personalized experiences, ensuring that these services comply with their privacy policies has become a business imperative for building user trust. However, most compliance efforts in industry today rely on manual review processes and audits designed to safeguard user data, and therefore are resource intensive and lack coverage. In this paper, we present our experience building and operating a system to automate privacy policy compliance checking in Bing. Central to the design of the system are (a) LEGALEASE — a language that allows specification of privacy policies that impose restrictions on how user data is handled; and (b) GROK — a data inventory for Map-Reduce-like big data systems that tracks how user data flows among programs. GROK maps code-level schema elements to datatypes in LEGALEASE, in essence, annotating existing programs with information flow types with minimal human input. Compliance checking is thus reduced to information flow analysis of big data systems. The system, bootstrapped by a small team, checks compliance daily of millions of lines of ever-changing source code written by several thousand developers.
The paper is discussed in a new post by Derrick Harris at GigaOm : New Microsoft privacy framework lets lawyers, developers and their code speak the same language .
Filed under: Applications, Software, Technology developments, Technology tools Tagged: Anupam Datta, Derrick Harris, GigaOm, GROK, IEEE Symposium on Security and Privacy, IEEE Symposium on Security and Privacy 2014, Janice Tsai, Jeannette M. Wing, Legal compliance information systems, Legal compliance systems, LEGALEASE, Modeling legal rules, Modeling policies, Modeling privacy law rules, Policy modeling, Privacy law compliance information systems, Privacy law compliance systems, Privacy law information systems, Saikat Guha, Shayak Sen, Sriram K. Rajamani
via Legal Informatics Blog http://ift.tt/1pif4XP
Niciun comentariu:
Trimiteți un comentariu