The Use of Legal Ontologies in the Development of a System for

Continuous Assurance of Privacy Policy Compliance*

Bonnie W. Morris, Ph.D. CPADivision of Accounting

Srinivas Kankanahalli, Ph.D.

Lane Department of Computer Science & Electrical Engineering

West Virginia University

*Funded in part by Lockheed Martin’s Radiant Trust Center of Excellence Program

Outline of Presentation

Motivation Research Plan and Background Our Work in Progress Future Research Directions

Motivation for the Research

The Public is Concerned About Privacy and Infringement of Civil Liberties

Managing Privacy Policy Compliance is a Difficult Problem

There is a Demand for Assurance of Compliance with Privacy Laws and Policies

Public Concern A 2002 survey by the Center for Survey Research &

Analysis at the U Conn for the First Amendment Center and American Journalism Review found: 81% reported that the right to privacy was "essential.” (Up from 78% in 1997.)

In 2001, 72% of voters in North Dakota voted to re-instate “opt-in” privacy protections for financial information

In a 2000 survey, the Pew Internet & American Life Project found that: 86% support opt-in privacy policies before companies use personal information.

Source: http://www.epic.org/privacy/survey/

Managing Privacy Compliance is Difficult!

U.S. laws are a “patchwork”– US PATRIOT Act – Gramm-Leach-Bliley Act– HIPAA– ECA– Video Privacy Act!

Many organizations also are subject to international privacy laws, such as the EU’s Data Protection Act.

Demand for Assurance

Senator Lieberman, chair of the Senate Governmental Affairs Committee, requested a GAO audit of four government agencies’ compliance with privacy laws and directives.

Demand for Assurance, continued

A survey by Harris Interactive, February 19, 2002 found that – most consumers do not trust business to handle

their personal information properly– 84% responded that independent verification of

company privacy policies should be a requirement.

Source: http://www.epic.org/privacy/survey/

Continuous or On-Demand Assurance?

It probably doesn’t matter.

The same infrastructure is

required for both.

Research Plan and Background

Organizational, architectural, and system design changes are needed to

support continuous assurance

A method of marking up or tagging data elements that are subject to privacy policies

Mapping of natural language text-based statutes and policies into rules implemented in a computer system

Maybe a “black box” to document access and sharing of personal information and to record audit tests.

Mapping Policy to Rules

It is common practice when developing KBS to first build an intermediate or conceptual model before building a symbolic level model.– Aids in verification and validation– Supports future maintenance– Aids in the reuse.

Source: Visser, et al. 1997

Legal Ontology-Definitions

An ontology is an explicit conceptualization of a domain (Gruber, 1992)

A legal ontology is a conceptualization of laws or statutes, in general.

A statute-specific ontology is the instantiation of a legal ontology for a specific statute.

Research Approach

Identify the target statute Pick an ontology Separate control knowledge from domain

knowledge Pass through the appropriate sections of the

statute to identify the vocabulary, taxonomy, and typology needed to instantiate the ontology--this is an iterative process

Our Work in Progress:

Develop a Statute Specific Ontology for the Gramm-Leach-Bliley Act Using the Van Kralingen Legal Ontology (1995)

Van Kralingen Ontology (1995)

A frame-based ontology Norms Acts Concepts

Norms are the rules or standards with which an entity must comply. Generally, a norm is expressed by a statement that something “ought to,” “ought not to,” “may,” or may not be done.

Norm frame

Identifier Norm type Source Range of applicability Conditions of applicability Persons subject to the norm Modality (ought, ought not, may, may not…) Act identifier

Acts are events or processes that cause changes in the state of the world. An event causes an immediate change. A process has duration, over which change occurs.

Act Frame Identifier Type Source of the description Agents involved in the act Means (objects used) Manner in which the act was performed Timing Location Circumstances Cause (reason to perform act) Aim Intent Final state that derives from the act

Concepts are used to determine the meaning of a notion. Concepts may be definitions or “deeming provisions.”

(A deeming provision is a legal fiction, that is, a statement that under certain circumstances something that is not true will be deemed to be true. )

Concepts

Concept name Concept type Priority or weight assigned to it Source of the concept description Range of applicability Conditions of applicability List of instances of the concept

Identifying Statute Specific Vocabulary (Bench-Capon and Coenen, 1992)

Words denoting – actions– agents – objects

Words indicating – time– place– source – legal modality

Words assigning properties to other entities Words expressing relations Words marking textual constructions Words marking arithmetic operations

A Partial Example of the Instantiation of the Ontology

Gramm-Leach-Bliley Act15 USC, Subchapter I, Sec. 6801-6810

Disclosure of Nonpublic Personal Informationsource: http://www.ftc.gov/privacy/glbact/glbsub1.htm

“(d) Limitations on the sharing of account number information for marketing purposes

A financial institution shall not disclose, other than to a consumer reporting agency, an account number or similar form of access number or access code for a credit card account, deposit account, or transaction account of a consumer to any nonaffiliated third party for use in telemarketing, direct mail marketing, or other marketing through electronic mail to the consumer.”

Concepts (definitions) Financial institution (Agent) Third party (Agent)

(Affiliated, Nonaffiliated,Consumer reporting agency,…) Financial account (Object)

(credit card, deposit account, transaction account) Account Identifier (Object)

(account number, access code, access number,…) Marketing (Cause)

(telemarketing, direct mail marketing, email marketing,…)

Act

Act Identifier: Share account number information for marketing purposes

Agents: Financial institutions subject to GLBA

Act: Agent discloses account identifier to third party

Cause: Marketing

Norm

Subject: Financial Institutions subject to GLBA

Conditions: Third party is non-affiliated and not a consumer credit agency

Legal Modality: Shall not Act: Share account number information for

marketing purposes

Control Knowledge

The need to select an action to resolve a conflict is called the control problem (Hayes-Roth, 1988)

Strategies for selecting the action to resolve a conflict is called solving the control problem

Knowledge used to solve the control problem is called control knowledge

GLBA Control Problem

The GLBA control problem arises because there are rules and exceptions to them.

Solved by the legal principle:

Lex Specialis Derogat Legi Generali

(the conclusion of the exception should be preferred over the conclusion of the general rule)

Future Research

Comparison of statute specific ontologies for other privacy statutes and policies

Implementation issues--including resolution of control problems

Tagging of data elements Explore the “black box” concept Temporal reasoning Exploring the efficacy of using ontologies to help

draft policy statements