A privacy framework to provide users with control, accuracy and audit

• Main Author: Nozin, Maksym
• Format: Others
• Language: en
• Published: University of Ottawa (Canada) 2013
• Subjects: Computer Science.
• Online Access: http://hdl.handle.net/10393/26994; http://dx.doi.org/10.20381/ruor-18482

In privacy protection the interests of consumers and businesses can be opposite and conflicting. For consumers, it is important to achieve the highest degree of protection while maintaining usage convenience. For businesses it is important to maximize the potential return from usage of personal information and at the same time to avoid possible legal consequences in connection with improper handling of personal information. This thesis defines an architectural framework which provides users control over their personal information and the manner in which it can he used by businesses, as well as an ability to verify the accuracy of that information and to audit the manner in which it is used by businesses. However, it does so in a framework that enables efficient mechanisms for providing consent to businesses to enable fast and flexible access to information that businesses are allowed to use. The premise of the framework is that businesses form a circle of trust which is a business network of trusted entities cooperating in a B2B environment. A framework of laws, government regulation, self-policing activities of the members, and a technology infrastructure ensure that individuals will rely on the circle of trust to protect their personal information. The framework consists of a number of distributed components such as a Discovery Service, a Policy Decision Point, an Information Transfer Registry, an Attribute Provider and a Customer Gateway. A Customer Gateway is a key contribution of the thesis. (Abstract shortened by UMI.)