TY - GEN
T1 - DataTags, Data Handling Policy Spaces and the Tags Language
AU - Bar-Sinai, Michael
AU - Sweeney, Latanya
AU - Crosas, Merce
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/8/1
Y1 - 2016/8/1
AB - Widespread sharing of scientific datasets holds great promise for new scientific discoveries and great risks for personal privacy. Dataset handling policies play the critical role of balancing privacy risks and scientific value. We propose an extensible, formal, theoretical model for dataset handling policies. We define binary operators for policy composition and for comparing policy strictness, such that propositions like «this policy is stricter than that policy» can be formally phrased. Using this model, the policies are described in a machine-executable and human-readable way. We further present the Tags programming language and toolset, created especially for working with the proposed model. Tags allows composing interactive, friendly questionnaires which, when given a dataset, can suggest a data handling policy that follows legal and technical guidelines. Currently, creating such a policy is a manual process requiring access to legal and technical experts, who are not always available. We present some of Tags' tools, such as interview systems, visualizers, development environment, and questionnaire inspectors. Finally, we discuss methodologies for questionnaire development. Data for this paper include a questionnaire for suggesting a HIPAA-compliant data handling policy, and a formal description of the set of data tags proposed by the authors in a recent paper.
KW - DSL
KW - data handling policy
KW - data repository
KW - datatags
KW - legal modeling
UR - http://www.scopus.com/inward/record.url?scp=85008613711&partnerID=8YFLogxK
U2 - 10.1109/SPW.2016.11
DO - 10.1109/SPW.2016.11
M3 - Conference contribution
AN - SCOPUS:85008613711
T3 - Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016
SP - 1
EP - 8
BT - Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016
PB - Institute of Electrical and Electronics Engineers
T2 - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016
Y2 - 23 May 2016 through 25 May 2016
ER -