 |
|
DAILY NEWS AND INFORMATION
FOR THE GLOBAL GRID COMMUNITY / JULY 21, 2003; VOL. 2 NO. 29
|
Breaking News -
Security:
IBM Introduces New Language To
Automate Privacy Compliance
IBM announced the first computer language to provide enterprises with a way
to
automate the enforcement of privacy policies among IT applications and
systems.
The Enterprise Privacy Authorization Language (EPAL) is an important leap
forward in privacy-enabling technology, giving developers the power to extend
specific privacy rules across internal business systems then automate
compliance to those rules. Current privacy specifications, such as the
Platform for Privacy Preferences (P3P), which was released by the World Wide
Web Consortium in April 2002, communicate privacy policies from business
applications to consumer applications. EPAL goes one step further, providing
an XML language that enables organizations to enforce P3P policies behind the
Web, among applications and databases.
By building enforcement into enterprise applications, companies can
automate
tedious privacy management tasks. By automating these often laborious and
complex business processes, companies can reduce costs and increase
productivity.
"With EPAL, organizations finally have a sophisticated language to help
automate the enforcement of the privacy policies they've put in place to
protect consumer data," says Arvind Krishna, vice president of security
products, Tivoli Software, IBM. "With EPAL and other privacy innovations,
developers can enhance consumer trust and better demonstrate how their
organizations' privacy obligations are being kept."
IBM plans to submit EPAL for standardization within the next few months.
IBM
plans to add EPAL support to IBM's enterprise privacy management software, IBM
Tivoli Privacy Manager.
A team of students at North Carolina State University has developed the
first
tool to help developers leverage EPAL -- the Privacy Authoring Editor. The new
tool helps companies author and edit privacy policies using EPAL while
allowing for the expression of richer and more complex privacy rules than
current standards allow.
The students developed the Privacy Authoring Editor as an open source
project,
so that as the EPAL specification evolves, other members of the open source
community can update the editor to match the specification. The Privacy
Authoring Editor is currently available on SourceForget.net -- a Web site for
open source code and applications -- at
sourceforge.net/projects/epaleditor.
EPAL is designed to make it easier for enterprises to translate their
privacy
policies into machine-readable descriptions of data handling procedures. For
instance, EPAL lets developers express a natural language statement such as
"Members of the physician group can read protected health information for the
purpose of medical treatment, only if the physician is the primary care
physician and the patient or the patient's family is notified in advance" in a
language that applications and privacy management tools can understand.
Like other IBM privacy technologies and software, EPAL's evolution has been
influenced by customer feedback. IBM's Privacy Management Advisory Council, a
25-member group that includes industry leaders such as eBay, Fidelity
Investments, Marriott International and others, has evaluated the new language
and offered valuable insight into industry requirements.
|