Location

Hilton Waikoloa Village, Hawaii

Event Website

http://hicss.hawaii.edu/

Start Date

1-3-2018

End Date

1-6-2018

Description

Organizations (e.g., hospitals, university etc.) are custodians of data on their clients and use this information to improve their service. Personal data of an individual therefore ends up hosted under the administration of different data custodians. Individuals (data subjects) may want to share their data with others for various reasons. However, existing data sharing mechanisms provided by the data custodians do not provide individuals enough flexibility to share their data, especially in a cross-domain (data custodian) environment. In this paper, we propose a data sharing policy language and related framework for a data subject to capture their fine-grained data sharing requirements. This proposed language allows the data subject to define data sharing policies that consider context conditions, privacy obligations and re-sharing restrictions. Furthermore, we have implemented a prototype to demonstrate how data subjects can define their data sharing policies and how the policies can be used and enforced at runtime.

Share

COinS
 
Jan 3rd, 12:00 AM Jan 6th, 12:00 AM

A Policy Framework for Subject-Driven Data Sharing

Hilton Waikoloa Village, Hawaii

Organizations (e.g., hospitals, university etc.) are custodians of data on their clients and use this information to improve their service. Personal data of an individual therefore ends up hosted under the administration of different data custodians. Individuals (data subjects) may want to share their data with others for various reasons. However, existing data sharing mechanisms provided by the data custodians do not provide individuals enough flexibility to share their data, especially in a cross-domain (data custodian) environment. In this paper, we propose a data sharing policy language and related framework for a data subject to capture their fine-grained data sharing requirements. This proposed language allows the data subject to define data sharing policies that consider context conditions, privacy obligations and re-sharing restrictions. Furthermore, we have implemented a prototype to demonstrate how data subjects can define their data sharing policies and how the policies can be used and enforced at runtime.

https://aisel.aisnet.org/hicss-51/os/information_security/3