The University of Southampton
×
Filter your search:
University of Southampton Institutional Repository

Provenance-based Auditing of Private Data Use

Provenance-based Auditing of Private Data Use
Provenance-based Auditing of Private Data Use
Across the world, organizations are required to comply with regulatory frameworks dictating how to manage personal information. Despite these, several cases of data leaks and exposition of private data to unauthorized recipients have been publicly and widely advertised. For authorities and system administrators to check compliance to regulations, auditing of private data processing becomes crucial in IT systems. Finding the origin of some data, determining how some data is being used, checking that the processing of some data is compatible with the purpose for which the data was captured are typical functionality that an auditing capability should support, but difficult to implement in a reusable manner. Such questions are so-called provenance questions, where provenance is defined as the process that led to some data being produced. The aim of this paper is to articulate how data provenance can be used as the underpinning approach of an auditing capability in IT systems. We present a case study based on requirements of the Data Protection Act and an application that audits the processing of private data, which we apply to an example manipulating private data in a university.
BCS, The Chartered Institute for IT
Aldeco Perez, Rocio
91007839-f963-4d93-aef8-31fc4c2a16b4
Moreau, Luc
033c63dd-3fe9-4040-849f-dfccbe0406f8
Aldeco Perez, Rocio
91007839-f963-4d93-aef8-31fc4c2a16b4
Moreau, Luc
033c63dd-3fe9-4040-849f-dfccbe0406f8

Aldeco Perez, Rocio and Moreau, Luc (2008) Provenance-based Auditing of Private Data Use , BCS, The Chartered Institute for IT (In Press)

Record type: Book

Abstract

Across the world, organizations are required to comply with regulatory frameworks dictating how to manage personal information. Despite these, several cases of data leaks and exposition of private data to unauthorized recipients have been publicly and widely advertised. For authorities and system administrators to check compliance to regulations, auditing of private data processing becomes crucial in IT systems. Finding the origin of some data, determining how some data is being used, checking that the processing of some data is compatible with the purpose for which the data was captured are typical functionality that an auditing capability should support, but difficult to implement in a reusable manner. Such questions are so-called provenance questions, where provenance is defined as the process that led to some data being produced. The aim of this paper is to articulate how data provenance can be used as the underpinning approach of an auditing capability in IT systems. We present a case study based on requirements of the Data Protection Act and an application that audits the processing of private data, which we apply to an example manipulating private data in a university.

Text
BSC08.pdf - Version of Record
Download (249kB)

More information

Accepted/In Press date: 1 August 2008
Additional Information: Event Dates: September 2008
Organisations: Web & Internet Science

Identifiers

Local EPrints ID: 266580
URI: http://eprints.soton.ac.uk/id/eprint/266580
PURE UUID: d86a3d4c-b2a4-4c95-9501-55d5091ffe38
ORCID for Luc Moreau: ORCID iD orcid.org/0000-0002-3494-120X

Catalogue record

Date deposited: 19 Aug 2008 14:09
Last modified: 14 Mar 2024 08:30

Export record

Contributors

Author: Rocio Aldeco Perez
Author: Luc Moreau ORCID iD

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Library staff additional information
Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×