On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context

Marco Casassa Mont
Hewlett-Packard Labs, Bristol, UK


Presentation Outline

Background & Privacy Concepts

What is Information Lifecycle Management (ILM)?

What is Identity Management (IDM)?

Current Privacy Management in Enterprises

Moving Towards Privacy-Aware ILM in Enterprises

Conclusions


Privacy: An Important Aspect of Regulatory Compliance for Enterprises

[Figure labels: Regulations (incomplete list …); Regulatory Compliance (Example of Process)]

Privacy Policies for Personal Data: Core Principles

Privacy Policies:

Limited Retention

Limited Disclosure

Limited Use

Limited Collection

Consent

Purpose Specification

Privacy Rights, Privacy Permissions, Privacy Obligations

Management of Data/Confidential Data in Enterprises

[Figure labels: Enterprise Identity Information / Confidential Data; Identity Management Solutions; Information Lifecycle Management Solutions; Others (ad-hoc, etc.); Systemic Approaches …]


Information Lifecycle Management (ILM)

Information Lifecycle Management (ILM) is a comprehensive Approach to Manage Information Systems’ Data and associated “Metadata” from Creation and Initial Storage to the time when it becomes Obsolete and is Deleted:

Deal with User Practices

Automate Storage Procedures

Information Retrieval

Information Lifecycle Management Automates:

Process of Organising Data into Separate Tiers

Data Migration between Tiers based on Policies

Information Lifecycle Management (ILM)

Information Lifecycle Management (ILM) provides degrees of support for the following Information/Data Management Phases:

Assessment

Data Analysis

Classification

Automation

Review

Information Lifecycle Management (ILM)

Information Lifecycle Management (ILM) Automation Technologies:

ILM Policy Engine

Search and Classify

ILM Policy Audit

Information/Document Mover

Secure Access

Source: Petrocelli, “Data Protection and Information Lifecycle Management”, Prentice Hall

Information Lifecycle Management (ILM)

Current Privacy Management Capabilities:

Little or No Explicit Management of Privacy Policies

Limited Privacy Capabilities, such as Data Retention/Deletion and Access Control

No Advanced Support for Privacy Obligations

Proprietary/Ad-hoc Solutions

Lack of Integration/Interoperability with Other Solutions


Identity Management (IDM)

Enterprise Identity Management Solutions deal with the Management of Digital Identities, User Accounts and User Profiles. They Provide services to Applications and Support core Functionalities:

Authentication, Authorization, Audit

User Provisioning and Account Management

Data Storage

Links to Legacy Systems and Data Consolidation

Identity Management (IDM)

State-of-the-Art of Identity Management Solutions:

[Figure labels: Data Repository Components (Directories, Meta-Directories, Virtual Directories); Security Components (Authentication, Authorization, Auditing); Lifecycle Components (Provisioning, Longevity); Consumable Value Components (Single Sign-On, Personalization); Management Components. Other labels: Self Service, Fed. Mgmt, User Mgmt, Access Control, Privacy Mgmt, Databases]

Identity Management (IDM)

Current Privacy Management Capabilities:

Limited Management of Privacy Policies

Focus Mainly on Privacy-Aware Access Control

No Real Support for Privacy Obligations

Proprietary/Ad-hoc Solutions

Lack of Integration/Interoperability with Other Solutions


Personal Data

Applications & Services

PEOPLE

ENTERPRISE

Privacy Legislation (EU Laws, HIPAA, COPPA, SOX, GLB, Safe Harbour, …)

Customers’ Expectations

Internal Guidelines

Regulatory Compliance

Customers’ Satisfaction

Positive Impact on Reputation, Brand, Customer Retention

Enterprise Privacy Management

Impact on Enterprises and Opportunities

Regulations, Standards, Best Practices

Enterprise IT Infrastructure

IT Alignment

Policy Enforcement

Policy Development

Transparency

Monitoring

Reporting

Effective Enterprise Privacy depends on Good Governance Practices

Data Governance in Enterprises

Personal Data and Digital Identities Handled with “Identity Management” Solutions (IDM) …

Subject to Privacy Policies

(Sensitive) Documents and Other Data Handled with “Information Lifecycle Management” Processes and Solutions (ILM) and Other Approaches …

Might Contain Personal Data … If so, Subject to Privacy Policies

Current IDM and ILM Solutions

• There is a Dichotomy between:

“Identity Management” Solutions (IDM) …

“Information Lifecycle Management” Processes and Solutions (ILM)…

• Various Reasons:

Different Nature of Managed Information

Different Business Requirements

Different Information Usage Patterns

Identity Management (IDM)

Information Lifecycle Management (ILM)

IDM and ILM: Common Aspects …

Current Dichotomy Doesn’t Help To Manage Privacy

Both handle Confidential Data

Both need to Address Privacy Management

No Integrated Management of Privacy Policies

Duplication of Efforts

Privacy still based on Human Processes: Prone to Mistakes and High Costs

Requires Well-Planned, Systemic and Ongoing Efforts:

Privacy Policies and Preferences can Change over time

Data and Confidential Documents can be subject to different Privacy Laws

Data needs to be Disposed or Transformed over time

Enterprise Privacy Management [1/2]

Enterprise Privacy Management [2/2]

• Privacy-aware Access Control

Most Privacy Solutions (+ R&D Work) currently focus here

• Privacy Obligation Management

No “Privacy-aware” Solutions are really available …

Obligations dictate Duties and Expectations …

Obligations are Transversal to ILM and IDM:

Impact on Information Lifecycle Management (Retention, Deletion, Notifications, Transformation, etc.)

Impact on Identity Information/ Identity Management

Under-emphasised Area …

[Figure labels: Privacy Rights; Privacy Permissions; Privacy Obligations; Identity Management Solutions; Information Lifecycle Management Solutions; Enterprise Identity Information / Confidential Data]

Privacy Obligations

Focus on Privacy-aware Information Lifecycle Management

Open Issues

Issues to be Addressed to enable Privacy-Aware Information Lifecycle Management:

Lack of Automation

Human-based Processes

High Cost, Prone to Mistakes

Lack of Integration (e.g. ILM and IDM)

Duplication of Efforts

Lack of Centralization


Privacy-aware Information Lifecycle Management

“Privacy-Aware Information Lifecycle Management is the Process of Ensuring that the Lifecycle of Personal and Confidential Data (inclusive of any Confidential Document) is Managed according to stated Privacy Policies, Users’ Preferences and Enterprise Privacy Guidelines”

Privacy-aware Information Lifecycle Management

Requirements, Core Properties and Features

HP Labs Current R&D Work in this Area

Next Steps

Requirements [1/2]

Dictated by Privacy Laws, Best Practices, Common Sense:

Enterprise should clearly state the Purposes for collecting personal/confidential data and Processing Criteria

Openness and Transparency over Enterprise Processes

People should:

Be enabled to express their Privacy Preferences (e.g. Deletion)

Be Notified of changes affecting the management of their personal data

Retain a degree of Control on their data

Lifecycle of Data driven by all these Aspects

Requirements [2/2]

Enforcement and Compliance Checking of Privacy Obligations

Importance of Automating the Handling of Privacy Obligations to Enable Privacy-Aware Information Lifecycle Management

Importance of doing this across ILM and IDM Solutions

Privacy-aware Information Lifecycle Management Solutions

Expected Core Properties and Functionalities:

Explicit Modelling of Personal/Confidential Data

Explicit Representation of Privacy Policies (e.g. Obligations)

Integrated Management of these Policies (e.g. Security Policies)

Deployment and Enforcement of these Policies:

Leveraging IDM and ILM Infrastructures

Integrated Monitoring and Checking for Compliance

Privacy-aware ILM: Our Approach

• HP Labs R&D Work on Privacy Obligation Management

• Usage of an Obligation Management System (OMS) as Foundation of Privacy-aware ILM, across ILM and IDM Solutions

Obligation Management System (OMS): Model

[Figure labels: ENTERPRISE; Obligation Management System (Obligations Scheduling, Obligations Enforcement, Obligations Monitoring); Personal Data (PII); Data Subjects; Administrators; Privacy Obligations; Privacy Preferences]

OMS to Enable Privacy-aware ILM [1/3]

• Obligation Management System (OMS):

Centralised Modelling and Abstraction of Managed Data

Centralised Representation and Authoring of Privacy Obligations

Orchestrates the Deployment, Enforcement and Monitoring of Obligations within Existing ILM and IDM Systems
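
An added sketch, not HP Labs' OMS and not code from the presentation, of the three functions listed above: obligations authored in one place over abstract data identifiers, enforced through adaptors to ILM and IDM systems, and monitored for compliance. The `Obligation` fields, the `Adaptor` and `OMS` classes and the sample records are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class Obligation:                   # hypothetical obligation record
    data_id: str                    # abstract identifier of the managed item
    system: str                     # adaptor that enforces it: "ILM" or "IDM"
    action: str                     # "delete" or "notify"
    due: date
    done_on: "date | None" = None   # set when enforcement ran

class Adaptor:                      # stand-in for an existing ILM or IDM system
    def __init__(self, store):
        self.store, self.sent = store, []   # held data, notifications issued
    def apply(self, ob):
        if ob.action == "delete":
            self.store.pop(ob.data_id, None)
        elif ob.action == "notify":
            self.sent.append(ob.data_id)
        else:
            raise ValueError(f"unsupported action: {ob.action}")

class OMS:                          # central obligation store plus orchestration
    def __init__(self, adaptors):
        self.adaptors, self.obligations = adaptors, []
    def schedule(self, ob):
        self.adaptors[ob.system]            # KeyError if no adaptor is registered
        self.obligations.append(ob)
    def enforce(self, today):
        due = [o for o in self.obligations if o.done_on is None and o.due <= today]
        for ob in due:
            self.adaptors[ob.system].apply(ob)
            ob.done_on = today
        return due
    def violations(self, today):    # overdue, or deleted data that is present again
        def bad(o):
            held = o.data_id in self.adaptors[o.system].store
            return (o.done_on is None and o.due < today) or (
                o.action == "delete" and o.done_on is not None and held)
        return [o.data_id for o in self.obligations if bad(o)]

def demo():  # constructed sample data: one ILM document, one IDM profile
    ilm, idm = Adaptor({"doc-17": "contract"}), Adaptor({"user-42": "profile"})
    oms = OMS({"ILM": ilm, "IDM": idm})
    oms.schedule(Obligation("doc-17", "ILM", "delete", date(2024, 1, 31)))
    oms.schedule(Obligation("user-42", "IDM", "notify", date(2024, 3, 1)))
    before = oms.violations(date(2024, 2, 10))      # deletion is overdue
    oms.enforce(date(2024, 2, 10))                  # deletes doc-17
    ilm.store["doc-17"] = "restored from backup"    # data reappears
    return before, oms.violations(date(2024, 3, 2))
```

Monitoring is kept separate from enforcement so that data restored after a completed deletion still shows up as a violation.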

OMS to Enable Privacy-aware ILM [2/3]

[Figure labels: Obligation Management System; Policy and Control links to ILM Systems, IDM Systems and Other …; Enterprise Information in Data Repositories, Doc. Repositories and Other Storage …; Privacy Preferences; Privacy Policies & Models]

[Figure labels: ENTERPRISE; Obligation Management System (OMS) with Data Abstraction and Modelling, Obligation Policy Representation & Lifecycle Mgmt, Obligation Deployment & Enforcement, Obligation Monitoring; Adaptors; Identity Management Solution (IDM); Information Lifecycle Management Solution (ILM); Users (Data + Privacy Preferences); Administrators (Obligation Policies, Models); Deploy Policies & Enforce; Monitor & Compliance Check]

OMS to Enable Privacy-aware ILM [3/3]

Current Status and Next Steps

• OMS System:

HP Labs Proof of Concept

Integrated with IDM Solution

Exploring its Integration with ILM Solution

• Need to Further Explore some Security Implications

• First Step Towards Privacy-aware ILM

Current Objective: Create Awareness of Privacy-aware ILM

• Work in Progress …


Conclusions

Importance of Privacy Management for Enterprises

Obligation Management is Key to Privacy-aware Information Lifecycle Management

Current Obligation Management: underestimated, ad-hoc, …

Need to Centralise Obligation Policies for their Enforcement/Monitoring & Integrate with current ILM and IDM Solutions

Importance of Creating Awareness of Need for a Comprehensive, Enterprise-wide Privacy-aware Information Lifecycle Management

HP Labs: Work in Progress …