1 / 14

Agenda

Towards End-to-End Privacy Control in the Outsourcing of Marketing Activities: A Web Service Integration Patrick C. K. Hung Dickson K.W. Chiu W.W. Fung William K. Cheung Raymond Wong Samuel P.M. Choi Eleanna Kafeza James Kwok Jousha C.C. Pun Vivying S.Y. Cheng. Agenda.

dutcher
Download Presentation

Agenda

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Towards End-to-End Privacy Control in the Outsourcing of Marketing Activities: A Web Service Integration Patrick C. K. Hung Dickson K.W. Chiu W.W. Fung William K. Cheung Raymond Wong Samuel P.M. Choi Eleanna Kafeza James Kwok Jousha C.C. Pun Vivying S.Y. Cheng BSIM0012

  2. Agenda • Introduction • Background Information • Towards End-to-End Privacy Control • Conclusions and Future Works

  3. Introduction • Marketing is a strategy for selling products more efficiently. • sales promotion strategies for making consumers recognize a product’s existence • persuading them to take purchase actions • circulation strategies for efficiently delivering the desired product • continuation strategies such as after-sales service and claim processing. • Outsourcing of marketing activities widely adopted • raises the concern of privacy issues.

  4. Privacy • Privacy is a state or condition of limited access to a person. • Ref: SCHOEMAN, E. D. 1984. Philosophical Dimensions of Privacy: An Anthology. New York, NY, Cambridge Univ. Press. • Information privacy relates to an individual’s right to determine how, when, and to what extent information about the self will be released to another person or to an organization.

  5. Example Scenario • A bank performs a marketing campaign by calling its credit card holders. • Outsource the calling activity to a third-party service provider • resource problems / other economic reasons • Personal information required • name, credit card number, gender, age group, salary range, and even addresses activity • Under current practices, all the necessary credit card holders’ data are transferred in bulk from the bank to the marketing company. • large amount of personal information.

  6. Example Process with Web Service Solution

  7. What is Web Service • W3C definition of a Web Service • has a unique Uniform Resource Identifier (URI) • URI are commonly in the form of URL • can be defined, described, and discovered using XML • supports exchange of XML messages via Internet-based protocols • http://www.w3.org/2002/ws/ • Supported by all major computing companies, e.g., IBM, Microsoft, Sun, and etc.

  8. Access Control Concepts

  9. Access Control Languages • Enterprise Privacy Authorization Language (EPAL) • By IBM - www.zurich.ibm.com/security/enterprise-privacy/ • encode an enterprise’s privacy-related data-handling policies and practices. • An EPAL policy defines lists of hierarchies of data-categories, data-users, and purposes, and sets of actions, obligations, and conditions. • Platform for Privacy Preferences (P3P) • Current W3C standard • http://www.w3.org/P3P/

  10. A Layered Framework for Tackling Privacy Protection

  11. Conceptual Model of Web-Service Based Privacy Access Control

  12. Implementation Architecture

  13. Conclusion • A layered architecture and methodology for the facilitation of privacy control based-on Web services. • A conceptual model of Web-service-based privacy access control to facilitate the design of an implementation architecture. • Outsourced marketing companies can be integrated with adequate control and auditing. • Practicability showing how the call center software for a typical marketing activity can be integrated effectively with the banks’ Web service • Only the required part of a customer record is retrieved through the appropriate data views and sent one at a time to achieve strict end-to-end privacy.

  14. Future Work • Use P3P instead of EPAL • Ontology: Adopt OWL vocabularies for classifications • Critical success factors • Cost and technical requirements • Implementation issues • Extending the framework to other applicable scenarios such as credit reference agencies.

More Related