Privacy Research Institute
Projects
	IDEMIX (Identity mixing)
	SPARCLE Privacy Policy Workbench
	Enterprise privacy architecture (EPA)
	Radio frequency identification (RFID)
	Enterprise privacy authorization language (EPAL)
	PeopleVision
	Federated identity managment
	Privacy-preserving data mining
	Hippocratic database
	J2EE application deployment
	JDBC/SQL privacy monitoring for TPM (JSPM)
Links
Publications

Enterprise privacy architecture (EPA)

Project overview

EPA helps enterprises maximize e-business trust

EPA represents a new approach to privacy that helps organizations understand how privacy impacts business processes. Using object-oriented methods, EPA maps privacy parties, rules, and data to new or existing business processes and gives organizations powerful privacy management controls based on consumer preferences, privacy best practices, and business requirements.

Audit services help organizations evaluate regulatory compliance and develop corporate privacy policies. EPA services are designed to build privacy polices from the bottom up, based on an analysis of business processes. EPA is a business transformation service, because customer data sits at the heart of every enterprise, and privacy impacts everything an organization does with customer data.

EPA was designed to be built into Line of Business or Customer Centric business applications, enterprise architectures, and management strategies. EPA services help organizations minimize the risks of inadvertent privacy disclosures by showing them exactly where the Personally Identifiable Information (PII) is in their enterprise and how to effectively install privacy controls. It's like enterprise plumbing, when there is a leak you want to know exactly where it is in the system so you can immediately turn off the right tap and start cleaning up the spill.

EPA also helps organizations maximize e-business trust. E-business requires consumers to give up far more information about themselves to complete a transaction. The information is given through an impersonal medium and business is often conducted with organizations unknown and far away. Online trust is a process that starts with effective data privacy and security, but relies on organizational openness, transparency and communication.

A unique aspect of EPA is that it provides an analysis of privacy in the context of real business processes by stripping privacy down to its most essential form of actors, rules and data. This is accomplished via object modeling techniques that compile a picture of privacy flows where obligations, risks and opportunities can be clearly identified. This analysis also provides clear linkage to identify which privacy enhancing technologies are appropriate and provides the raw data necessary to customize technology implementations.

Business value

EPA helps businesses to mitigate privacy risk and build consumer trust by
»	identifying applicable regulations and their requirements on the business,
»	identifying what personal data is collected and how it is used, and
»	communicating clear privacy promises to consumers.

	More information on this project.