
Publishing Privacy Logs to Facilitate Transparency and Accountability

28 Pages. Posted: 26 Jun 2018. First Look: Accepted


Reza Samavi

McMaster University - Department of Computing and Software

Mariano Consens

University of Toronto - Department of Mechanical and Industrial Engineering

Abstract

Compliance with privacy policies imposes requirements on organizations and their information systems. Maintaining auditable privacy logs is one of the key mechanisms employed to ensure compliance, but the logs and their auditing reports are designed and implemented on an application-by-application basis. This paper develops a Linked Data model and ontologies to facilitate the sharing of logs that support privacy auditing and information accountability among multiple applications and participants. The L2TAP modular ontologies accommodate a variety of privacy scenarios and policies. SCIP is the key module that synthesizes contextual integrity concepts and enables query-based solutions that facilitate privacy auditing. Other L2TAP modules describe logs, participants, and log events, all identified by web-accessible URIs, and include relevant provenance information to support accountability. A health self-management scenario is used to illustrate how privacy preferences, accountability obligations, and access to personal information can be published and accessed as Linked Data by multiple participants, including the internal and external auditors. We contribute query-based algorithmic solutions for two fundamental privacy auditing processes that analyse L2TAP logs: obligation derivation and compliance checking. The query-based solutions that we develop require SPARQL implementations with limited RDFS reasoning power, and are therefore widely supported by commercial and open source systems. We also provide experimental validation of the scalability of our query-based solution for compliance checking over L2TAP logs.

Keywords: Privacy, Policy, Audit Log, Accountability, Linked Data, Semantic Web, Ontology

Suggested Citation

Samavi, Reza and Consens, Mariano, Publishing Privacy Logs to Facilitate Transparency and Accountability (2018). Journal of Web Semantics First Look. Available at SSRN: https://ssrn.com/abstract=3180340 or http://dx.doi.org/10.2139/ssrn.3180340

Reza Samavi (Contact Author)

McMaster University - Department of Computing and Software

1280 Main Street West
Hamilton, Ontario L8S 4M4
Canada

Mariano Consens

University of Toronto - Department of Mechanical and Industrial Engineering

Toronto, Ontario M5S 3G8
Canada