Privacy compliance for e-commerce in web services architecture

Due to improvements in various fields of Information Technology (IT) and electronic devices, much data has been and is continually being collected on customers/citizens through various channels, such as monitoring devices or eCommerce channels. Many news items, dealing with security breaches and inappropriate use of private data, have attracted a lot of attention and created pressure on governments to regulate the use of private data. Governments have responded with enacting privacy laws that regulate the collection and use of private data in various domains, such as HIPPA in the US for health data and PIPEDA in Canada for data collected online. Most companies today inform users under which privacy policies data is collected and tools have also been created to provide users/customers with automated agents that fetch the web site's privacy policy and compare it the user's privacy preferences. However there is urgent need to provide appropriate tools for enforcement of privacy policies, that is, to ensure that private data is indeed used that satisfy the privacy policy under which it was collected. This is a very challenging problem because eCommerce/eBusiness is complex due to integration of various enterprise systems within organizations, and due to increased B2B integration, cross border e-commerce, e-business, mobile commerce, etc. Moreover, dealing with privacy issues has not been designed into software applications, but rather "bolted on" after applications are installed. The focus of this research project is develop new scientific methods and tools to enforce privacy policies, specifically to create mechanisms to (i) monitor the movement of private data between the various integrated subsystems and storage of data by the subsystems; (ii) determine how the private data is used by subsystems and applications; and (iii) ensure that the data use and storage of private data satisfies the privacy policies under which they were collected.