CONFORMANCE TO LEGAL REQUIREMENTS
The last frontier for privacy research
Luigi Logrippo
Université du Québec en Outaouais
University of Ottawa
Keynote Talk, PST2012

Towards a process for producing software from legal requirements

The last frontier …
Last for two reasons:
- In the end, privacy IT systems must satisfy the law
- This is a difficult goal
  - Because of the need to bridge the long distance between legal language and IT language and implementations
A bridge?

Why IT isn’t very good at building bridges
- Humankind has been building bridges for millions of years
- But IT is fairly new at this …
Vestiges of a bridge to Sri Lanka (30 km), reputed to be 1,700,000 yrs old …

The islands and the bridges
[Figure: the reference model. Legal area: Privacy Law and Enterprise Privacy Policy, related by legal compliance. Software area: Legal requirements for privacy software and Enterprise requirements for privacy software, related by logical compliance, plus Enterprise privacy software. Other arrows: extract (twice), implement & verify, validate.]

Legal processes
- Formulating laws and policies
  - Normative text
- Establishing legal compliance of enterprise privacy policy to the law:
These processes are entirely in the legal domain, for lawyers
[Figure: the reference model diagram from “The islands and the bridges”]

How many research areas remain for us?
At least five, let’s see
[Figure: the reference model diagram from “The islands and the bridges”]

Manual activities
At the interface of the legal world and the IT world
- Extract from law
  - Determine what part of the law is relevant for IT implementation
  - Express that part of the law in IT terminology
- Extract from enterprise policy
  - Determine what part of the enterprise privacy policy is relevant for IT implementation
  - Express that part of the policy in IT terminology
- Determine compliance of to
[Figure: the reference model diagram from “The islands and the bridges”]

How are the manual activities done?
- Since they are interface activities, they will require mixed teams of law experts and IT experts
- It’s usual for IT people to work in this manner, at the requirement extraction phase

Current practice
- Legal requirements are expanded into many detailed requirements
- Legal offices are used to check that these detailed requirements represent a legally defendable implementation of the law
- Long checklists result from this process, and the enterprises subject to the law will use the checklists rather than the original law
- Checklists usually include all sorts of things, not only software requirements

Elements for requirement extraction
- As always in computing, we have data structures and processes
- Examples of relevant data structures:
  - Enterprise organization diagrams
  - Concept ontologies
- Examples of processes:
  - Business processes
- These exist in law, as they exist in enterprise policies
  - They may be difficult to find
  - They will be more generic in law

Can we put order in something like this?
Royal Bank of Canada privacy policies:
“We use your personal and financial information for the purposes communicated to you in your agreement(s) with us, for example to: Verify your identity; Provide you with the financial products and services requested; Communicate to you any benefit, feature and other information about products and services you have with us; Respond to any special needs or inquiries you may have; Better understand your financial situation and determine your eligibility for products and services we offer; Manage our risks and operations; Meet regulatory and legal requirements; If we have your social insurance number or social security number, we may use it for tax related purposes if you hold a product generating income and share it with the appropriate government agencies. We may also share it with credit reporting agencies as an aid to identify you.”

Identifying the dependencies (Ghazinour and Barker, PAIS 2011)
[Figure: purpose ontology lattice for RBC privacy policies, shown beside the Royal Bank of Canada policy text quoted on the previous slide]

Why a lattice (Ghazinour and Barker, PAIS 2011)
This lattice arranges the purposes in an implication order. E.g. if one allows RBC to use personal information for mail distribution then one has also allowed them to use it for communication, marketing, and identity verification (more specific purposes)

Organization structure and scenarios in the law
Sarbanes Oxley - Section 2: Audit
(3) AUDIT COMMITTEE. The term “audit committee” means a committee established by and amongst the board of directors of an issuer for the purpose of overseeing the accounting and financial reporting processes of the issuer and audits of the financial statements of the issuer, …
Issuer: company subject to SOX

IT interpretation
Sarbanes Oxley - Section 2: Audit
(3) AUDIT COMMITTEE. The term “audit committee” means a committee established by and amongst the board of directors of an issuer for the purpose of overseeing the accounting and financial reporting processes of the issuer and audits of the financial statements of the issuer, …
Exercise: draw the class diagram

Processes
- In law, they are usually defined only in terms of what they should achieve
- Examples from SOX
  - (a) pertain to the maintenance of records that in reasonable detail accurately and fairly reflect the transactions and dispositions …
  - (b) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements …
  - (c) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition …
- Details are found in standards, professional and ‘best practices’ manuals

Generic extraction model for enterprise governance (Hassan and Logrippo, RELAW2009)
- Concepts found in normative text are to be mapped into these classes
- Note specific purpose!

Scanning normative text
- The extraction process can be to carefully scan the law, standards, ‘best practices’, enterprise regulations, looking for elements that can be implemented in software
- Concepts found should be mapped on an extraction model that can be the basis for software implementation
  - Conceptual graphs, lattices, UML

Joint work
- The resulting formalized representations are interpretations of the original text
- For IT specialists, the acceptance criterion is: can this interpretation be implemented in software?
- For Law specialists, the criterion is: can this interpretation be defended in court?

We are interested in the intersection
- Identify and formalize the intersection
- Expand it as much as possible

Compliance of enterprise requirements to legal requirements
[Figure: the reference model diagram from “The islands and the bridges”]

Compliance of enterprise requirements to legal requirements
- What was a legal compliance process in the legal area becomes a logical compliance check in the software area
- This can be performed by using model checkers of various kinds
[Figure: the reference model diagram from “The islands and the bridges”]

Proposal: A Logic-Based Process (Hassan and Logrippo)
[Figure: diagram of the proposed process; output label: OK or counterexamples]

Checking requirements on organization structure
Formally defined enterprise structure (an organization with two main departments, incl. several processes):
Contains(Loans, PublishApplication)
Contains(Loans, ReceiveFilledApp)
Contains(Loans, Wapplication)
Contains(Loans, JReceiveFilledApp)
Contains(Loans, ConsentClient)
Contains(Loans, LegalReasonException)
Contains(Loans, ThankClient)
Contains(Loans, DisposeData)
Contains(OrderMgt, ReadApplication)
Contains(OrderMgt, ValidateInfo)
Contains(OrderMgt, SaveInfo)
Legal requirement: The organization must include a process to dispose of data
Model checker: yes, it is included

Checking requirements on process structure
Formally defined structure:
Next(ValidateInfo, SaveInfo)
Next(ReadApplication, ValidateInfo)
Next(Wapplication, JreceivedApp)
Next(JReceivedApp, ConsentClient)
Next(JReceivedApp, LegalReasonException)
Next(ThankClient, DisposeData)
Next(PublishApplication, ReceiveFilledApp)
Next(ReceiveFilledApp, Wapplication)
Next(ValidateInfo, WApplication)
Next(WApplication, ReadApplication)
Legal requirement: Information received must later be disposed
Model checker: following slide

Process non-compliance
A path is found where information rec’d is saved
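The two checks from the preceding slides, as an added example that is not code from the talk or from the Hassan and Logrippo tool: it encodes the listed Contains and Next facts and searches for paths that violate "information received must later be disposed". The function names are hypothetical, and folding the slides' spelling variants of process names together (the `ALIASES` table) is an assumption.

```python
from collections import defaultdict

# Facts as listed on the slides. The slides spell some process names in more
# than one way; folding the variants together below is an assumption.
ALIASES = {
    "Wapplication": "WApplication",
    "JreceivedApp": "JReceivedApp",
    "JReceiveFilledApp": "JReceivedApp",
}

CONTAINS = [
    ("Loans", "PublishApplication"), ("Loans", "ReceiveFilledApp"),
    ("Loans", "Wapplication"), ("Loans", "JReceiveFilledApp"),
    ("Loans", "ConsentClient"), ("Loans", "LegalReasonException"),
    ("Loans", "ThankClient"), ("Loans", "DisposeData"),
    ("OrderMgt", "ReadApplication"), ("OrderMgt", "ValidateInfo"),
    ("OrderMgt", "SaveInfo"),
]

NEXT = [
    ("ValidateInfo", "SaveInfo"), ("ReadApplication", "ValidateInfo"),
    ("Wapplication", "JreceivedApp"), ("JReceivedApp", "ConsentClient"),
    ("JReceivedApp", "LegalReasonException"), ("ThankClient", "DisposeData"),
    ("PublishApplication", "ReceiveFilledApp"),
    ("ReceiveFilledApp", "Wapplication"), ("ValidateInfo", "WApplication"),
    ("WApplication", "ReadApplication"),
]


def canon(name):
    """Map a spelling variant to one canonical process name."""
    return ALIASES.get(name, name)


def departments_containing(process, contains=CONTAINS):
    """Structure check: departments that include `process` (empty = violation)."""
    return sorted({dept for dept, proc in contains if canon(proc) == process})


def violations(trigger, goal, next_facts=NEXT):
    """Process check: once `trigger` has happened, `goal` must happen later.

    Returns each counterexample path starting at `trigger`: a path that stops
    at a process with no successor, or that loops back onto itself, without
    ever passing through `goal`.
    """
    succ = defaultdict(list)
    for src, dst in next_facts:
        succ[canon(src)].append(canon(dst))

    found = []

    def walk(path):
        node = path[-1]
        if node == goal:
            return                          # requirement met on this branch
        successors = succ.get(node, [])
        if not successors:
            found.append(path)              # process ends, goal never reached
            return
        for nxt in successors:
            if nxt in path:
                found.append(path + [nxt])  # cycle that avoids the goal
            else:
                walk(path + [nxt])

    walk([trigger])
    return found


if __name__ == "__main__":
    print("DisposeData is in:", departments_containing("DisposeData"))
    for path in violations("ReceiveFilledApp", "DisposeData"):
        print("counterexample:", " -> ".join(path))
```

With the facts as listed, every path from ReceiveFilledApp misses DisposeData, including the one ending in SaveInfo; the only edge into DisposeData comes from ThankClient, which no listed edge reaches.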

Implement & verify
[Figure: the reference model diagram from “The islands and the bridges”]

Implement & verify
[Figure: the reference model diagram from “The islands and the bridges”]
- We are here in a familiar territory:
  - We have compliant software requirements and we must implement them and verify the implementation
  - Use existing software methods
- But: are the enterprise requirements that were obtained so far sufficient to derive an implementation?
  - A lot of practical domain knowledge may still be necessary
  - Probably it cannot be assumed that inexperienced software developers can do this

Maturity of SE methods
Unfortunately, the study of techniques to go from requirements to implementations is fairly recent and so not very mature IMOMO Requirements engineering
We have been doing this for only about half a century …

Generic SE development method
[Figure: development steps, in order: Requirements (in natural or logic language), Specification of behavior, Specification of implementation, Implementation]
- Major errors can be injected at every step, especially between requirements and behavior specs
- Legal knowledge is probably still needed between steps

Validate implementation
[Figure: the reference model diagram from “The islands and the bridges”]

Validate implementation
[Figure: the reference model diagram from “The islands and the bridges”]
- Is the resulting enterprise software compliant with the law?
  - This must be checked since errors can be injected in the implementation process
  - Existing software methods can be used to validate the implementation wrt legal requirements, perhaps the most practical is testing
- Final testing is part of every engineering process
  - But, exactly what should be tested and how?
  - The checklists mentioned are not constructed as software test suites

Certification
- The end result should be certified software
  - Certified to be conformant to the law
- What should the certification process be?
  - Most probably, test suites derived from the mentioned checklists
- Many software vendors produce software that is claimed to be compliant
  - But can hardly be certified

Privacy by Design
- PbD is embedded into the design and architecture of IT systems and business practices
  - It is not bolted on as an add-on
- Privacy becomes an essential component of the core functionality being delivered
- Privacy is integral to the system, without diminishing functionality
(source: Information and Privacy Commissioner of Ontario, Canada)
How can we build PbD in the software process?

How can we move forward?
- Of course, it would help if normative text to be implemented in software was written in a different style …
  - E.g. legal text leaves much unspecified
  - The complex ontologies on which its interpretation depends are rarely specified
- The increasing dependence on IT systems will lead legislators to include more IT language and structure in their normative style
  - Thus facilitating the extraction process

More mind-expanding ideas
- Formalizing Privacy agreements
  - P3P and extensions
- Developments in legal theory and practice
  - Legal formalization necessary to expand e-Business
  - e-Contracts, internationally formalized
  - e-Judgments
  - Privacy violations to be proved automatically by using automatically obtained factual evidence
  - Amends to be determined automatically, on the basis of objective law

Many open areas of research
- Formal semantics of normative languages
- Methods to extract ontologies and processes from normative text (see RELAW workshop series)
- Methods to validate the result of the extraction process
  - Such methods will be domain-specific
- Software Engineering issues, instantiated to the legal domain
- Methods for validating compliance of an implementation to legal requirements
  - Leading to certification
- The PbD software process

Access control and normative concepts
In his 2012 paper, S. Barker states:
“In future work, we intend to consider the type of more general authorization model requirements that Jones and Sergot have considered and their representation of rich forms of non-standard access control models within our framework”
In other words, he intended to pursue a generalization of his access control theory to include normative concepts.
Steve Barker: Logical Approaches to Authorization Policies. Logic Programs, Norms and Action 2012: 349-373

Conclusions
[Figure: the reference model diagram from “The islands and the bridges”]
- I have attempted to identify the main issues related to the problem of compliance to legal requirements for privacy
- Classify the issues, by means of a proposed ‘reference model’
- Some preliminary solutions and research ideas were also presented, as possible starting points