July 9, 2003

IBM Introes Language to Automate Privacy Compliance

- from ebizQ.net

By staff writer

© Copyright 2003 ITQuadrant, Inc.

IBM says it's come up with "the first computer language to provide enterprises with a way to automate the enforcement of privacy policies among IT applications and systems."

The Enterprise Privacy Authorization Language (EPAL) is "an important leap forward in privacy-enabling technology, giving developers the power to extend specific privacy rules across internal business systems then automate compliance to those rules,: IBM asserts. "Current privacy specifications, such as the Platform for Privacy Preferences (P3P), which was released by the World Wide Web Consortium in April 2002, communicate privacy policies from business applications to consumer applications. EPAL goes one step further, providing an XML language that enables organizations to enforce P3P policies behind the Web, among applications and databases."

By building enforcement into enterprise applications, companies can automate tedious privacy management tasks, and by automating these often laborious and complex business processes, companies can reduce costs and increase productivity, IBM notes.

"With EPAL, organizations finally have a sophisticated language to help automate the enforcement of the privacy policies they've put in place to protect consumer data," says Arvind Krishna, vice president of security products, Tivoli Software, IBM. "With EPAL and other privacy innovations, developers can enhance consumer trust and better demonstrate how their organizations' privacy obligations are being kept."

IBM plans to submit EPAL for standardization within the next few months. IBM plans to add EPAL support to IBM's enterprise privacy management software, IBM Tivoli Privacy Manager.

A team of students at North Carolina State University has developed the first tool to help developers leverage EPAL -- the Privacy Authoring Editor. The new tool helps companies author and edit privacy policies using EPAL while allowing for the expression of richer and more complex privacy rules than current standards allow, IBM points out.

[Editor’s note, NC State University: This “team of students” worked on their sponsored project in the Computer Science eCommerce Practicum class in spring 2003. The instructors were Dr. Laurie Williams of the Department of Computer Science in the College of Engineering and Dr. Julia Earp of the Department of Business Management in the College of Management.]

The students developed the Privacy Authoring Editor as an open source project, so that as the EPAL specification evolves, other members of the open source community can update the editor to match the specification. The Privacy Authoring Editor is currently available on SourceForget.net -- a Web site for open source code and applications. As IBM puts it, "EPAL is designed to make it easier for enterprises to translate their privacy policies into machine-readable descriptions of data handling procedures. For instance, EPAL lets developers express a natural language statement such as "Members of the physician group can read protected health information for the purpose of medical treatment, only if the physician is the primary care physician and the patient or the patient's family is notified in advance" in a language that applications and privacy management tools can understand.

"Like other IBM privacy technologies and software, EPAL's evolution has been influenced by customer feedback. IBM's Privacy Management Advisory Council, a 25-member group that includes industry leaders such as eBay, Fidelity Investments, Marriott International and others, has evaluated the new language and offered valuable insight into industry requirements."

IBM Research and IBM Software Group jointly developed EPAL.

/ News Index / News Archives Index /