IBM has unveiled an open-standard privacy language designed to provide the enterprise with a way to automate the enforcement of privacy policies in both applications and systems.
The Enterprise Privacy Authorisation Language (EPAL) is a means to express data-handling policies inside the enterprise, said Paul Fritz, product manager at Tivoli Software and IBM.
EPAL goes one step further than the existing privacy specification called Platform for Privacy Preferences (P3P).
That specification was released by the World Wide Web Consortium (W3C) in April 2002 and was designed to communicate privacy policies from business applications to consumer applications.
"P3P is more concerned about advertising my policy to an individual... it’s not robust enough when used internally between applications inside an enterprise trying to implement a [privacy] policy," he said. "What was lacking was a language that the enterprise could use internally to express its policies."
The need for this type of language stems from the ever-changing rules and regulations associated with privacy issues and from the growing need for organisations to follow strict rules and guidelines when it comes to corporate information.
It also grows out of the need to build enforcement into enterprise applications so companies can automate management tasks.
At one point it was enough for a company to know who had access to specific information, but now those companies need to know more detailed facts, such as the business motivation behind employees accessing certain information, Fritz added.
EPAL is a way to automate the enforcement of privacy policies and to express those data-handling policies.
IBM is also setting the stage for making EPAL legitimate and said it would submit EPAL for standardisation within the next few months.
Allison Taylor writes for ITWorldCanada.com