Location
Hilton Waikoloa Village, Hawaii
Event Website
http://hicss.hawaii.edu/
Start Date
1-3-2018
End Date
1-6-2018
Description
Organizations (e.g., hospitals, university etc.) are custodians of data on their clients and use this information to improve their service. Personal data of an individual therefore ends up hosted under the administration of different data custodians. Individuals (data subjects) may want to share their data with others for various reasons. However, existing data sharing mechanisms provided by the data custodians do not provide individuals enough flexibility to share their data, especially in a cross-domain (data custodian) environment. In this paper, we propose a data sharing policy language and related framework for a data subject to capture their fine-grained data sharing requirements. This proposed language allows the data subject to define data sharing policies that consider context conditions, privacy obligations and re-sharing restrictions. Furthermore, we have implemented a prototype to demonstrate how data subjects can define their data sharing policies and how the policies can be used and enforced at runtime.
A Policy Framework for Subject-Driven Data Sharing
Hilton Waikoloa Village, Hawaii
Organizations (e.g., hospitals, university etc.) are custodians of data on their clients and use this information to improve their service. Personal data of an individual therefore ends up hosted under the administration of different data custodians. Individuals (data subjects) may want to share their data with others for various reasons. However, existing data sharing mechanisms provided by the data custodians do not provide individuals enough flexibility to share their data, especially in a cross-domain (data custodian) environment. In this paper, we propose a data sharing policy language and related framework for a data subject to capture their fine-grained data sharing requirements. This proposed language allows the data subject to define data sharing policies that consider context conditions, privacy obligations and re-sharing restrictions. Furthermore, we have implemented a prototype to demonstrate how data subjects can define their data sharing policies and how the policies can be used and enforced at runtime.
https://aisel.aisnet.org/hicss-51/os/information_security/3