Privacy compliance for e-commerce in web services architecture

Web 服务架构中电子商务的隐私合规性

• 批准号: 8028-2009
• 负责人: Bodorik, Peter
• 金额: $ 1.09万
• 依托单位: Dalhousie University
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2009
• 资助国家: 加拿大
• 起止时间: 2009-01-01 至 2010-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=420523
• 关键词: Privacy; compliance; commerce; web; services

Due to improvements in various fields of Information Technology (IT) and electronic devices, much data has been and is continually being collected on customers/citizens through various channels, such as monitoring devices or eCommerce channels. Many news items, dealing with security breaches and inappropriate use of private data, have attracted a lot of attention and created pressure on governments to regulate the use of private data. Governments have responded with enacting privacy laws that regulate the collection and use of private data in various domains, such as HIPPA in the US for health data and PIPEDA in Canada for data collected online. Most companies today inform users under which privacy policies data is collected and tools have also been created to provide users/customers with automated agents that fetch the web site's privacy policy and compare it the user's privacy preferences. However there is urgent need to provide appropriate tools for enforcement of privacy policies, that is, to ensure that private data is indeed used that satisfy the privacy policy under which it was collected. This is a very challenging problem because eCommerce/eBusiness is complex due to integration of various enterprise systems within organizations, and due to increased B2B integration, cross border e-commerce, e-business, mobile commerce, etc. Moreover, dealing with privacy issues has not been designed into software applications, but rather "bolted on" after applications are installed. The focus of this research project is develop new scientific methods and tools to enforce privacy policies, specifically to create mechanisms to (i) monitor the movement of private data between the various integrated subsystems and storage of data by the subsystems; (ii) determine how the private data is used by subsystems and applications; and (iii) ensure that the data use and storage of private data satisfies the privacy policies under which they were collected.

由于信息技术（IT）和电子设备的各个领域的改进，已经并且正在通过各种渠道（诸如监控设备或电子商务渠道）收集关于客户/公民的许多数据。 许多涉及安全漏洞和不当使用私人数据的新闻引起了广泛关注，并对政府监管私人数据的使用产生了压力。 各国政府的回应是颁布隐私法，规范各个领域私人数据的收集和使用，例如美国的健康数据HIPPA和加拿大的在线收集数据PIPEDA。 如今，大多数公司都告知用户根据哪些隐私政策收集数据，并且还创建了工具来为用户/客户提供自动代理，这些代理获取网站的隐私政策并将其与用户的隐私偏好进行比较。 然而，迫切需要提供适当的工具来执行隐私政策，也就是说，确保私人数据的使用确实符合收集数据时所依据的隐私政策。 这是一个非常具有挑战性的问题，因为电子商务/电子商务是复杂的，这是由于各种企业系统在组织内的集成，并由于增加的B2B集成，跨境电子商务，电子商务，移动的商务等。此外，处理隐私问题还没有被设计到软件应用程序中，而是在安装应用程序后“固定”。 该研究项目的重点是开发新的科学方法和工具来执行隐私政策，特别是创建机制来（i）监控各个集成子系统之间的私有数据移动以及子系统的数据存储;（ii）确定子系统和应用程序如何使用私有数据;及（iii）确保个人资料的使用及储存符合收集该等资料时所依据的私隐政策。