Privacy in Business Processes - Disclosure of Personal Data to 3rd Parties
Sven Wohlgemuth: On Privacy by Observable Delegation of Personal Data
National Institute of Informatics
Privacy in Business Processes
– Disclosure of Personal Data to 3rd Parties –
Dagstuhl Perspectives Workshop 11061 Online Privacy: Towards Informational Self-Determination on the Internet
February 6-11, 2011
Dr. Sven Wohlgemuth, Prof. Dr. Isao Echizen, Prof. Dr. Noboru Sonehara (National Institute of Informatics, Japan)
Prof. Dr. Günter Müller (University of Freiburg, Germany)
1. Privacy and Disclosure of Personal Data to Third Parties
Privacy legislation: "Privacy is the claim of individuals, groups and institutions to determine for themselves, when, how and to what extent information about them is communicated to others." (Westin, 1967 → regulations of Germany/EU, Japan and HIPAA)
Figure: Disclosure of personal data to third parties. The user discloses personal data d to a data provider (DP). That provider and the services behind it, each acting as data consumer and data provider in turn (DC/DP), pass the personal data d and d' on to further parties, down to a final data consumer (DC). Each access is subject to access control, but there is no usage control for the disclosure of personal data once it has been handed over.
Legend: DP = Data provider, DC = Data consumer, d, d' = Personal data
Privacy in Business Processes, Dr. Sven Wohlgemuth. Source: Wohlgemuth, S., Echizen, I., Müller, G., and Sonehara, N., 2010
Example: Cloud Computing (e.g. Patient and Electronic Health Card Infrastructure)
Figure: the patient's medical data is passed between Hospital, Examination, Dentist, Pharmacy, Laboratory, Drug maker, Advertiser and Employer, across different data protection legislations (e.g. EC Directive 95/46/EC, Japan, HIPAA).
The patient "inherits" responsibility and risk: dishonest parties may modify personal data or disclose it to 3rd parties without authorization.
Privacy problem: How can the patient control the disclosure of medical data to 3rd parties?
Source: Haas, S., Wohlgemuth, S., Echizen, I., Sonehara, N., and Müller, G., 2009
Safety of Data and Liveness of Services
Safety: authorized execution. Liveness: desirable execution.
Figure (timeline t, with the access request as the reference point): Provisions cover the time up to the access ("past and present"); obligations cover the time after the access ("future"). Access control spans only the provisions; usage control has to span provisions and obligations.
Source: Wohlgemuth, S., Echizen, I., Müller, G., and Sonehara, N., 2010
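As an added example (it is not code from the slides or from NII), the following Python sketch keeps the two halves of the timeline apart: provisions are evaluated at the moment the access is requested, obligations are registered at that moment with a deadline and checked afterwards. The policy fields, party names and times are constructed for the illustration.

```python
"""Usage control for one disclosure of personal data d: provisions are
checked up to the moment of access, obligations are registered at access
time and monitored afterwards. Added illustration, not code from the slides
or NII; policy fields, party names and times are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple


@dataclass
class Policy:
    """The patient's privacy policy for one data item (constructed fields)."""
    data_id: str
    allowed_purposes: Set[str]
    # Provisions ("past and present"): who may access, and for what.
    authorized_consumers: Set[str]
    # Obligations ("future"): what the consumer owes after the access.
    delete_within: timedelta
    notify_within: timedelta


@dataclass
class Obligation:
    consumer: str
    data_id: str
    action: str
    due: datetime
    fulfilled: bool = False


class UsageController:
    """Access control decides the request (safety); the obligation list
    covers the time after the access, which the access decision cannot see."""

    def __init__(self, policies: Dict[str, Policy]):
        self.policies = policies
        self.obligations: List[Obligation] = []
        self.log: List[Tuple[datetime, str, str, str]] = []

    def check_provisions(self, consumer: str, data_id: str, purpose: str) -> str:
        policy = self.policies.get(data_id)
        if policy is None:
            return "unknown data"
        if consumer not in policy.authorized_consumers:
            return "consumer not authorized"
        if purpose not in policy.allowed_purposes:
            return "purpose not allowed"
        return "ok"

    def request_access(self, consumer: str, data_id: str, purpose: str, now: datetime) -> bool:
        verdict = self.check_provisions(consumer, data_id, purpose)
        self.log.append((now, consumer, data_id, verdict))
        if verdict != "ok":
            return False
        policy = self.policies[data_id]
        # Access granted: the obligations are only observable later, so they
        # are recorded now with their deadlines.
        self.obligations.append(Obligation(consumer, data_id, "delete", now + policy.delete_within))
        self.obligations.append(Obligation(consumer, data_id, "notify_patient", now + policy.notify_within))
        return True

    def report(self, consumer: str, data_id: str, action: str, at: datetime) -> bool:
        """The consumer reports an obligation as done; True if it was in time."""
        for ob in self.obligations:
            if (ob.consumer, ob.data_id, ob.action) == (consumer, data_id, action) and not ob.fulfilled:
                ob.fulfilled = True
                return at <= ob.due
        return False

    def overdue(self, now: datetime) -> List[Obligation]:
        """Obligations whose deadline passed without a report: a liveness violation."""
        return [ob for ob in self.obligations if not ob.fulfilled and ob.due < now]


def demo() -> dict:
    t0 = datetime(2011, 2, 7, 9, 0)
    uc = UsageController({
        "d": Policy("d", {"treatment"}, {"Laboratory"}, timedelta(days=30), timedelta(days=1)),
    })
    granted = uc.request_access("Laboratory", "d", "treatment", t0)      # provisions hold
    uc.request_access("Advertiser", "d", "marketing", t0)               # provisions fail
    on_time = uc.report("Laboratory", "d", "notify_patient", t0 + timedelta(hours=5))
    late = uc.overdue(t0 + timedelta(days=31))                          # deletion never reported
    return {"granted": granted, "denied_reason": uc.log[1][3],
            "notify_on_time": on_time, "overdue": [ob.action for ob in late]}


if __name__ == "__main__":
    print(demo())
```

The advertiser is stopped by the provisions alone, but the laboratory's missed deletion only shows up a month later in `overdue()`: that is the part of the timeline access control does not cover.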
2. Usage Control by Data Provenance (1/2)
Mechanisms and methods of usage control, ordered by the time at which they take effect:
Preventive, before the execution:
- Policies: Enterprise Privacy Authorization Language (EPAL), Extended Privacy Definition Tools (ExPDT)
- Mechanisms & Methods: Process Rewriting, Workflow Patterns, Vulnerability Analysis
Preventive, during the execution:
- Mechanisms & Methods: Execution Monitoring, Non-linkable Delegation of Rights
Reactive, after the execution:
- Mechanisms & Methods: Model Reconstruction, Audits / Forensics, Architectures for Data Provenance
Source: Müller, G., Accorsi, R., Höhn, S. and Sackmann, S., 2010
Usage Control by Data Provenance (2/2)
- Data provenance – Information to determine the derivation history
- In an audit, data provenance can be used to restore the information flow.
Example (figure, built up step by step): the patient's medical data is disclosed onward from party to party (Patient, Advertiser, Laboratory, Drug maker); the data provenance attached to the data records for every copy from whom it was derived, so an auditor can restore the complete chain of disclosures.
Source: Wohlgemuth, S., Echizen, I., Sonehara, N., and Müller, G., 2010
3. DETECTIVE: Data Provenance with Digital Watermarking
Watermarking is a method to bind provenance information as a tag to data. The EHR/Medical system must enforce that
– disclosed data is tagged with updated provenance information
– provenance information is authentic.
Steps of a disclosure (figure: data provider, e.g. a local clinic; EHR/Medical system with a watermarking service; data consumer, e.g. an advertiser):
1) Access request by the data consumer
2) Fetch data from the data provider
3) Apply tag (watermarking service)
4) Deliver tagged data to the data consumer
Source: Wohlgemuth, S., Echizen, I., Sonehara, N., and Müller, G., 2010
Data provenance information
– Linking identities of data provider and data consumer with access to personal data.
– Detection by the patient via delegated rights (privacy policy) to personal data.
DETECTIVE: Digital Watermarking Scheme (figure). Apply Tag (data provider → data consumer): on each disclosure the identities of the disclosing parties are embedded in the data, shown as the growing chain Patient, Advertiser, Laboratory next to the rights the patient delegated. Verify Tag (auditor): the tag recovered from the data consumer's copy is checked for authenticity and the recorded chain of disclosures is compared with the patient's rights.
Source: Wohlgemuth, S., Echizen, I., Sonehara, N., and Müller, G., 2010
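As an added example serving both the audit on slide 6 (restoring the information flow from provenance) and the Apply Tag / Verify Tag steps above (detection against the patient's delegated rights): this is not DETECTIVE's or NII's code. It substitutes an HMAC-authenticated provenance record carried alongside the data for the digital watermark that DETECTIVE embeds in the data itself; the key, the parties, the delegated rights and the medical record are constructed.

```python
"""Provenance tags for disclosures of personal data, and the audit that
restores the disclosure chain from them and checks it against the rights
the patient delegated. Added illustration, not DETECTIVE's or NII's code.
Each tag is an HMAC over (provider, consumer, hash of the data, previous
tag) carried next to the data; this stands in for the digital watermark
that DETECTIVE embeds into the data. Key, parties and data are constructed."""
import hashlib
import hmac
import json
from typing import Dict, List, Optional, Set, Tuple

# Assumption: the watermarking service and the auditor share this key.
TAG_KEY = b"constructed-key-for-the-example"


def _mac(record: Dict[str, str]) -> str:
    body = json.dumps(record, sort_keys=True).encode()
    return hmac.new(TAG_KEY, body, hashlib.sha256).hexdigest()


def apply_tag(data: bytes, provider: str, consumer: str,
              prev: Optional[Dict[str, str]]) -> Dict[str, str]:
    """Step 3 of a disclosure: bind provider, consumer and the disclosed data
    to the tag of the previous disclosure, so the chain keeps its order."""
    record = {
        "provider": provider,
        "consumer": consumer,
        "data_hash": hashlib.sha256(data).hexdigest(),
        "prev": prev["mac"] if prev else "",
    }
    record["mac"] = _mac(record)
    return record


def verify_tag(data: bytes, tag: Dict[str, str]) -> bool:
    """Auditor's check: the tag is authentic and the data is unmodified."""
    body = {k: v for k, v in tag.items() if k != "mac"}
    if not hmac.compare_digest(_mac(body), tag["mac"]):
        return False
    return hashlib.sha256(data).hexdigest() == tag["data_hash"]


def restore_chain(tags: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Order the tags by their prev links; the first disclosure has prev ''."""
    by_prev = {t["prev"]: t for t in tags}
    chain, cur = [], by_prev.get("")
    while cur is not None:
        chain.append(cur)
        cur = by_prev.get(cur["mac"])
    return chain


def audit(data: bytes, tags: List[Dict[str, str]],
          patient_rights: Set[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Compare every restored disclosure with the (provider, consumer) pairs
    the patient delegated; report inauthentic tags and unauthorized hops."""
    findings = []
    for t in restore_chain(tags):
        hop = (t["provider"], t["consumer"])
        if not verify_tag(data, t):
            findings.append(("inauthentic tag or modified data",) + hop)
        elif hop not in patient_rights:
            findings.append(("unauthorized disclosure",) + hop)
    return findings


def demo() -> List[Tuple[str, str, str]]:
    record = b"constructed medical record of the patient"
    t1 = apply_tag(record, "Local Clinic", "Laboratory", None)
    t2 = apply_tag(record, "Laboratory", "Advertiser", t1)
    t3 = apply_tag(record, "Advertiser", "Drug maker", t2)
    # The patient only delegated the right to pass the record to the laboratory.
    rights = {("Local Clinic", "Laboratory")}
    # Tags reach the auditor in arbitrary order; restore_chain sorts them out.
    return audit(record, [t3, t1, t2], rights)


if __name__ == "__main__":
    for finding in demo():
        print(*finding)
```

The restored chain only shows disclosures that were tagged; the requirement stated above, that the EHR/Medical system enforce tagging of every disclosure with updated provenance information, is what makes the chain complete. A tag forged without the key, or data modified after tagging, fails `verify_tag` and is reported as such rather than silently accepted.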
DETECTIVE: Proof-of-Concept Implementation
Case study: Telemedicine – Consulting a clinic abroad
4. Contact
Dr. Sven Wohlgemuth, DAAD Postdoctoral Scholar
National Institute of Informatics, 2-1-2 Hitotsubashi, Chiyoda-ku, Tokyo 101-8430, Japan
E-Mail: [email protected]
WWW: http://research.nii.ac.jp/~iechizen/official/content_e_sven.html
References
Wohlgemuth, S., Echizen, I., Müller, G., Sonehara, N.: Privacy-compliant Disclosure of Personal Data to Third Parties. it – Information Technology 52(6), Oldenbourg, pp. 350-355, 2010.
Wohlgemuth, S., Echizen, I., Sonehara, N., Müller, G.: Tagging Disclosures of Personal Data to Third Parties to Preserve Privacy. IFIP SEC 2010, IFIP AICT 330, pp. 241-252, 2010. Selected as one of the best papers of IFIP SEC 2010.
Haas, S., Wohlgemuth, S., Echizen, I., Sonehara, N., Müller, G.: Aspects of Privacy for Electronic Health Records. Int. Journal of Medical Informatics 80(2), Elsevier, pp. e26-e31, 2011.
Haas, S., Wohlgemuth, S., Echizen, I., Sonehara, N., Müller, G.: On Privacy in Medical Services with Electronic Health Records. IMIA SiHIS 2009 workshops on CoHMI, 2009. Gerd Griesser Award 2009.