HIPAA和GLBA隐私法逻辑规范方面的经验

Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Workshop on Privacy in the Electronic Society Pub Date : 2010-10-04 DOI:10.1145/1866919.1866930

Henry Deyoung, D. Garg, Limin Jia, D. Kaynar, Anupam Datta

{"title":"HIPAA和GLBA隐私法逻辑规范方面的经验","authors":"Henry Deyoung, D. Garg, Limin Jia, D. Kaynar, Anupam Datta","doi":"10.1145/1866919.1866930","DOIUrl":null,"url":null,"abstract":"Despite the wide array of frameworks proposed for the formal specification and analysis of privacy laws, there has been comparatively little work on expressing large fragments of actual privacy laws in these frameworks. We attempt to bridge this gap by giving complete logical formalizations of the transmission-related portions of the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA). To this end, we develop the PrivacyLFP logic, whose features include support for disclosure purposes, real-time constructs, and self-reference via fixed points. To illustrate these features and demonstrate PrivacyLFP's utility, we present formalizations of a collection of clauses from these laws. Due to their size, our full formalizations of HIPAA and GLBA appear in a companion technical report. We discuss ambiguities in the laws that our formalizations revealed and sketch preliminary ideas for computer-assisted enforcement of such privacy policies.","PeriodicalId":74537,"journal":{"name":"Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Workshop on Privacy in the Electronic Society","volume":"15 1","pages":"73-82"},"PeriodicalIF":0.0000,"publicationDate":"2010-10-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"96","resultStr":"{\"title\":\"Experiences in the logical specification of the HIPAA and GLBA privacy laws\",\"authors\":\"Henry Deyoung, D. Garg, Limin Jia, D. Kaynar, Anupam Datta\",\"doi\":\"10.1145/1866919.1866930\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Despite the wide array of frameworks proposed for the formal specification and analysis of privacy laws, there has been comparatively little work on expressing large fragments of actual privacy laws in these frameworks. We attempt to bridge this gap by giving complete logical formalizations of the transmission-related portions of the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA). To this end, we develop the PrivacyLFP logic, whose features include support for disclosure purposes, real-time constructs, and self-reference via fixed points. To illustrate these features and demonstrate PrivacyLFP's utility, we present formalizations of a collection of clauses from these laws. Due to their size, our full formalizations of HIPAA and GLBA appear in a companion technical report. We discuss ambiguities in the laws that our formalizations revealed and sketch preliminary ideas for computer-assisted enforcement of such privacy policies.\",\"PeriodicalId\":74537,\"journal\":{\"name\":\"Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Workshop on Privacy in the Electronic Society\",\"volume\":\"15 1\",\"pages\":\"73-82\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-10-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"96\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Workshop on Privacy in the Electronic Society\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1866919.1866930\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Workshop on Privacy in the Electronic Society","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1866919.1866930","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 96

摘要

尽管为隐私法的正式规范和分析提出了各种框架，但在这些框架中表达实际隐私法的大块内容的工作相对较少。我们试图通过对《健康保险流通与责任法案》(HIPAA)和《格雷姆-里奇-比利利法案》(GLBA)中与传输相关的部分给出完整的逻辑形式化来弥合这一差距。为此，我们开发了PrivacyLFP逻辑，其特性包括支持公开目的、实时结构和通过固定点的自引用。为了说明这些特性并演示PrivacyLFP的实用程序，我们给出了这些法律条款集合的形式化形式。由于它们的大小，我们对HIPAA和GLBA的完整形式化将出现在配套的技术报告中。我们讨论了我们的形式化揭示的法律中的模糊性，并概述了计算机辅助执行此类隐私政策的初步想法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Experiences in the logical specification of the HIPAA and GLBA privacy laws

Despite the wide array of frameworks proposed for the formal specification and analysis of privacy laws, there has been comparatively little work on expressing large fragments of actual privacy laws in these frameworks. We attempt to bridge this gap by giving complete logical formalizations of the transmission-related portions of the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA). To this end, we develop the PrivacyLFP logic, whose features include support for disclosure purposes, real-time constructs, and self-reference via fixed points. To illustrate these features and demonstrate PrivacyLFP's utility, we present formalizations of a collection of clauses from these laws. Due to their size, our full formalizations of HIPAA and GLBA appear in a companion technical report. We discuss ambiguities in the laws that our formalizations revealed and sketch preliminary ideas for computer-assisted enforcement of such privacy policies.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Workshop on Privacy in the Electronic Society

自引率

0.00%

发文量