Paper Info
Title
Experiences in the logical specification of the HIPAA and GLBA privacy laws
Abstract
Despite the wide array of frameworks proposed for the formal specification and analysis of privacy laws, there has been comparatively little work on expressing large fragments of actual privacy laws in these frameworks. We attempt to bridge this gap by giving complete logical formalizations of the transmission-related portions of the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA). To this end, we develop the PrivacyLFP logic, whose features include support for disclosure purposes, real-time constructs, and self-reference via fixed points. To illustrate these features and demonstrate PrivacyLFP's utility, we present formalizations of a collection of clauses from these laws. Due to their size, our full formalizations of HIPAA and GLBA appear in a companion technical report. We discuss ambiguities in the laws that our formalizations revealed and sketch preliminary ideas for computer-assisted enforcement of such privacy policies.
Year
DOI
Venue
2010
10.1145/1866919.1866930
WPES
Keywords
Field
DocType
gramm-leach-bliley act,accountability act,actual privacy law,computer-assisted enforcement,health insurance portability,logical specification,privacy policy,companion technical report,privacy law,glba privacy law,complete logical formalization,privacylfp logic,real time,fixed point,security
Internet privacy,Health Insurance Portability and Accountability Act,Actual Privacy,Computer science,Computer security,Privacy policy,Formal specification,Enforcement,Technical report,Sketch,Privacy laws of the United States
Conference
Citations 
PageRank 
References 
28
1.05
12
Authors
5
Name
Order
Citations
PageRank
Henry DeYoung1694.74
Deepak Garg258145.48
Limin Jia366671.97
Dilsun Kaynar427214.05
Anupam Datta5161787.21