Effective solutions for privacy protection are of interest to industry, government and society at large, but the challenge is to satisfy the often-conflicting requirements of all these stakeholders. Legislation (such as HIPAA, COPPA and GLBA) that constrains privacy and security practices within systems and organizations presents additional technical challenges. This seminar will discuss mechanisms that enterprises can use to ensure that their systems are compliant with both the policies they articulate and the law. Additionally, we will address the need to understand how to specify, deploy, communicate and enforce privacy policies. Legislators and regulatory bodies need mechanisms to verify how privacy-related laws are actually enforced by enterprises in their software systems. To this end, we are developing compliance monitors to detect violations of stakeholder rights and obligations as expressed in law. Finally, end-users must be able to easily understand privacy policies and need effective, transparent and comprehensible online privacy-protection mechanisms. We will discuss preliminary results of our most recent survey of 975 Internet users, in which we compared various ways to represent privacy management information to online healthcare consumers.
About The Speaker:
Dr. Annie I. Antón is an Associate Professor of Software Engineering in the College of Engineering at North Carolina State University and a visiting faculty (sabbatical) scholar at Purdue University's CERIAS. She received her Ph.D. in Computer Science in June of 1997 from the College of Computing at the Georgia Institute of Technology in Atlanta. She received a BS in Information and Computer Science with a minor in Technical and Business Communication in 1990 and an MS in Information and Computer Science in 1992 (also from Georgia Tech). After one year at the University of South Florida, Dr. Antón joined the computer science department at NC State. She was awarded an NSF CAREER Award in 2000, named a CRA Digital Government Fellow in 2002, nominated and selected for the 2004-2005 IDA/DARPA Defense Science Study Group, and received the CSO (Chief Security Officer) Magazine "Woman of Influence in the Public Sector" award at the 2005 Executive Women's Forum. She is associate editor of IEEE Transactions on Software Engineering and the cognitive issues area editor for the Requirements Engineering Journal. She is a member of the International Association of Privacy Professionals, a senior member of the IEEE, and a member of the ACM U.S. Public Policy Executive Committee. Antón currently serves on three boards: the NSF Computer & Information Science & Engineering Directorate Advisory Council, the CRA-W Board, and an Intel Advisory Board. She has been elected to begin a three-year term on the Computing Research Association Board of Directors on July 1, 2006. She is a former member of the Microsoft Research University Relations Faculty Advisory Board and the Georgia Tech Advisory Board (GTAB). Dr. Antón is director of ThePrivacyPlace.Org (http://theprivacyplace.org), and co-director of the NC State Electronic Commerce Studio. Her URL is: http://www.csc.ncsu.edu/faculty/anton.