Visualization for Privacy Compliance

Type: Article
Conference: Proceedings of the 3rd International Workshop on Visualization for Computer Security (VizSec'06), November 3, 2006, Fairfax County, Virginia, USA
Subject: privacy; compliance; visualization; privacy legislation; e-services
Abstract: The growth of the Internet has been accompanied by the growth of e-services (e.g. e-commerce, e-health). This proliferation of e-services has put large quantities of consumer private information in the hands of the service providers, who in many cases have mishandled the information, either intentionally or unintentionally, to the detriment of consumer privacy. As a result, government bodies have put in place privacy legislation that spells out a consumer's privacy rights and how consumer private information is to be handled. Providers are required to comply with such privacy legislation. This paper proposes visualization as a tool that can be used by security or privacy analysts to understand how private information flows within and between provider organizations, as a way of identifying vulnerabilities that can lead to non-compliance. A model of private information flow and a graphical notation for visualizing this flow are proposed. An application example of using the notation to identify privacy vulnerabilities is given.
Publication date
Language: English
Affiliation: NRC Institute for Information Technology; National Research Council Canada
Peer reviewed: No
NRC number: 48772
NPARC number: 8914409
Record identifier: c3c9582b-9e4c-4b6c-82af-8d5357ce1242
Record created: 2009-04-22
Record modified: 2016-05-09