Towards Formal Modeling of Privacy Policies of Enterprises

Collection, storage and processing of personally identifiable information and other sensitive information by enterprises are leading to privacy concerns for individuals, in particular, and society, in general. As privacy has been declared as a fundamental right in many countries, authorities are implementing privacy laws and guidelines to be followed by enterprises. Similarly, enterprises are also designing their own privacy policies to assure their clients about privacy concerns. In this paper, privacy has been considered as a business requirement rather than security requirement, and a methodology for formal representation of privacy policies has been presented. Privacy policies of different types of enterprises have been analysed and common privacy clauses have been identified from those policies. The related vocabularies have been defined and clauses have been expressed using a formal language. Finally, a case study has been presented to illustrate the usefulness of this approach.