Out-Law / Your Daily Need-To-Know

Out-Law News 1 min. read

A programming language for privacy policies


IBM this week announced the first computer language to provide businesses with a way to automate the enforcement of privacy policies among IT applications and systems. It will allow computers to understand the rules of a privacy policy.

IBM says its Enterprise Privacy Authorization Language (EPAL) is an important leap forward in privacy-enabling technology, giving developers the power to extend specific privacy rules across internal business systems then automate compliance to those rules.

EPAL is designed to make it easier for enterprises to translate their privacy policies into machine-readable descriptions of data handling procedures.

For instance, EPAL lets developers express a natural language statement such as "Members of the physician group can read protected health information for the purpose of medical treatment, only if the physician is the primary care physician and the patient or the patient's family is notified in advance" in a language that applications and privacy management tools can understand.

Current privacy specifications, such as the Platform for Privacy Preferences (P3P), which was released by the World Wide Web Consortium in April 2002, communicate privacy policies from business applications to consumer applications (for more on P3P, follow the link to our story of 17/04/2002 below).

EPAL goes one step further, providing an XML language that enables organizations to enforce P3P policies behind the web, among applications and databases. XML (Extensible Markup Language) is a flexible means of creating common information formats and share both the format and the data on the internet, intranets, and elsewhere.

"With EPAL, organisations finally have a sophisticated language to help automate the enforcement of the privacy policies they've put in place to protect consumer data," says Arvind Krishna, vice president of security products, Tivoli Software, IBM.

"With EPAL and other privacy innovations, developers can enhance consumer trust and better demonstrate how their organizations' privacy obligations are being kept."

By building enforcement into enterprise applications companies can automate tedious privacy management tasks. By automating these often laborious and complex business processes, companies can reduce costs and increase productivity, says IBM.

IBM plans to submit EPAL for standardisation within the next few months.

A draft specification of the language is currently available at:
www.zurich.ibm.com/security/
enterprise-privacy/epal

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.