The University of Southampton
University of Southampton Institutional Repository

Provenance-based Auditing of Private Data Use

Provenance-based Auditing of Private Data Use
Provenance-based Auditing of Private Data Use
Across the world, organizations are required to comply with regulatory frameworks dictating how to manage personal information. Despite these, several cases of data leaks and exposition of private data to unauthorized recipients have been publicly and widely advertised. For authorities and system administrators to check compliance to regulations, auditing of private data processing becomes crucial in IT systems. Finding the origin of some data, determining how some data is being used, checking that the processing of some data is compatible with the purpose for which the data was captured are typical functionality that an auditing capability should support, but difficult to implement in a reusable manner. Such questions are so-called provenance questions, where provenance is defined as the process that led to some data being produced. The aim of this paper is to articulate how data provenance can be used as the underpinning approach of an auditing capability in IT systems. We present a case study based on requirements of the Data Protection Act and an application that audits the processing of private data, which we apply to an example manipulating private data in a university.
BCS
Aldeco Perez, Rocio
91007839-f963-4d93-aef8-31fc4c2a16b4
Moreau, Luc
033c63dd-3fe9-4040-849f-dfccbe0406f8
Aldeco Perez, Rocio
91007839-f963-4d93-aef8-31fc4c2a16b4
Moreau, Luc
033c63dd-3fe9-4040-849f-dfccbe0406f8

Aldeco Perez, Rocio and Moreau, Luc (2008) Provenance-based Auditing of Private Data Use , BCS (In Press)

Record type: Book

Abstract

Across the world, organizations are required to comply with regulatory frameworks dictating how to manage personal information. Despite these, several cases of data leaks and exposition of private data to unauthorized recipients have been publicly and widely advertised. For authorities and system administrators to check compliance to regulations, auditing of private data processing becomes crucial in IT systems. Finding the origin of some data, determining how some data is being used, checking that the processing of some data is compatible with the purpose for which the data was captured are typical functionality that an auditing capability should support, but difficult to implement in a reusable manner. Such questions are so-called provenance questions, where provenance is defined as the process that led to some data being produced. The aim of this paper is to articulate how data provenance can be used as the underpinning approach of an auditing capability in IT systems. We present a case study based on requirements of the Data Protection Act and an application that audits the processing of private data, which we apply to an example manipulating private data in a university.

PDF
BSC08.pdf - Version of Record
Download (249kB)

More information

Accepted/In Press date: 1 August 2008
Additional Information: Event Dates: September 2008
Organisations: Web & Internet Science

Identifiers

Local EPrints ID: 266580
URI: https://eprints.soton.ac.uk/id/eprint/266580
PURE UUID: d86a3d4c-b2a4-4c95-9501-55d5091ffe38
ORCID for Luc Moreau: ORCID iD orcid.org/0000-0002-3494-120X

Catalogue record

Date deposited: 19 Aug 2008 14:09
Last modified: 06 Jun 2018 13:03

Export record

Contributors

Author: Rocio Aldeco Perez
Author: Luc Moreau ORCID iD

University divisions

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of https://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×