Award Abstract # 0831124
Collaborative Research: CT-M: Privacy, Compliance and Information Risk in Complex Organizational Processes

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: NEW YORK UNIVERSITY
Initial Amendment Date: August 15, 2008
Latest Amendment Date: July 21, 2011
Award Number: 0831124
Award Instrument: Continuing Grant
Program Manager: Jeremy Epstein
CNS  Division Of Computer and Network Systems
CSE  Directorate for Computer and Information Science and Engineering
Start Date: September 1, 2008
End Date: February 28, 2014 (Estimated)
Total Intended Award Amount: $187,500.00
Total Awarded Amount to Date: $250,000.00
Funds Obligated to Date: FY 2008 = $62,500.00
FY 2009 = $125,000.00
FY 2011 = $62,500.00
History of Investigator:
  • Helen Nissenbaum (Principal Investigator)
     hn288@cornell.edu
Recipient Sponsored Research Office: New York University
 70 WASHINGTON SQ S
 NEW YORK
 NY  US  10012-1019
(212)998-2121
Sponsor Congressional District: 10
Primary Place of Performance: New York University
 70 WASHINGTON SQ S
 NEW YORK
 NY  US  10012-1019
Primary Place of Performance
Congressional District:		 10
Unique Entity Identifier (UEI): NX9PXMKW5KW8
Parent UEI:
NSF Program(s): CYBER TRUST,
TRUSTWORTHY COMPUTING
Primary Program Source: 01000809DB NSF RESEARCH & RELATED ACTIVIT
01000910DB NSF RESEARCH & RELATED ACTIVIT
01001112DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 9218, HPCC
Program Element Code(s): 737100, 779500
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

Modern organizations, such as businesses, non-profits, government
agencies, and universities, collect and use personal information from
a range of sources, shared with specific expectations about how it
will be managed and used. Accordingly, they must find ways to comply
with expectations, which may be complex and varied, as well as with
relevant privacy laws and regulations, while they minimize
operational risk and carry out core functions of the organization
efficiently and effectively. Designing organizational processes to
manage personal information is one of the greatest challenges facing
organizations (see, e.g. a recent survey by Deloitte and the Ponemon
Institute [TI07]), with far-reaching implications for every
individual whose personal information is available to modern
organizations, i.e. all of us.

This project responds to these challenges by developing methods,
algorithms and prototype tools for integrating privacy, compliance,
and risk evaluation into complex organizational processes. It
explores, articulates and characterizes formally the scope and nature
of privacy-expectations of stakeholders as well as those of key
regulations, such as HIPAA, GLBA, COPPA, BASEL 2, and Sarbanes-Oxley
(SOX). It incorporates the diverse perspectives and areas of
expertise of its multidisciplinary research team, which includes
three computer scientists, one philosopher, and collaborating
researchers from IBM. This industry connection facilitates
interaction with product teams that have served complex organizations
concerned with business process integrity, information security,
privacy, and information risk management. The research builds on
"contextual integrity" (a philosophical account of privacy) as well
as language and risk-based methods for privacy policy specification
and enforcement. Extensive training and educational opportunities are
provided to undergraduate and graduate students and research results
integrated into courses at CMU, NYU, Stanford, and UPenn.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Note:  When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

H. Nissenbaum "From Preemption to Circumvention: If Technology Regulates Why Do We Need Regulation (and Vice Versa)?" Berkeley Technology Law Journal , v.26 , 2012 , p.3
V. Toubiana and H. Nissenbaum "An Analysis of Google Log Retention Policies" The Journal of Privacy and Confidentiality , v.3 (1) , 2011
A. Conley, A. Datta, H. Nissenbaum, D. Sharma "Sustaining both Privacy and Open Justice in the Transition from Local to Online Access to Court Records: A Multidisciplinary Inquiry" Maryland Law Review , v.71 , 2012 , p.3
H. Nissenbaum "A Contextual Approach to Privacy Online" Daedalus , v.140 (4) , 2011 , p.32

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

<!-- /* Font Definitions */ @font-face {font-family:Times; panose-1:2 0 5 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"?? ??"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:fixed; mso-font-signature:1 134676480 16 0 131072 0;} @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:-536870145 1107305727 0 0 415 0;} @font-face {font-family:Cambria; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:-536870145 1073743103 0 0 415 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:Cambria; mso-ascii-font-family:Cambria; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"?? ??"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Cambria; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} p {mso-style-priority:99; mso-margin-top-alt:auto; margin-right:0in; mso-margin-bottom-alt:auto; margin-left:0in; mso-pagination:widow-orphan; font-size:10.0pt; font-family:Times; mso-fareast-font-family:"?? ??"; mso-fareast-theme-font:minor-fareast; mso-bidi-font-family:"Times New Roman";} .MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; font-family:Cambria; mso-ascii-font-family:Cambria; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"?? ??"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Cambria; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.WordSection1 {page:WordSection1;} /* List Definitions */ @list l0 {mso-list-id:885291929; mso-list-type:hybrid; mso-list-template-ids:1008342642 67698705 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;} @list l0:level1 {mso-level-text:"%1\)"; mso-level-tab-stop:none; mso-level-number-position:left; text-indent:-.25in;} @list l0:level2 {mso-level-number-format:alpha-lower; mso-level-tab-stop:none; mso-level-number-position:left; text-indent:-.25in;} @list l0:level3 {mso-level-number-format:roman-lower; mso-level-tab-stop:none; mso-level-number-position:right; text-indent:-9.0pt;} @list l0:level4 {mso-level-tab-stop:none; mso-level-number-position:left; text-indent:-.25in;} @list l0:level5 {mso-level-number-format:alpha-lower; mso-level-tab-stop:none; mso-level-number-position:left; text-indent:-.25in;} @list l0:level6 {mso-level-number-format:roman-lower; mso-level-tab-stop:none; mso-level-number-position:right; text-indent:-9.0pt;} @list l0:level7 {mso-level-tab-stop:none; mso-level-number-position:left; text-indent:-.25in;} @list l0:level8 {mso-level-number-format:alpha-lower; mso-level-tab-stop:none; mso-level-number-position:left; text-indent:-.25in;} @list l0:level9 {mso-level-number-format:roman-lower; mso-level-tab-stop:none; mso-level-number-position:right; text-indent:-9.0pt;} ol {margin-bottom:0in;} ul {margin-bottom:0in;} -->

The project addressed crucial privacy problems that emerge when institutions enrich existing practices with personal information. This often occurs when IT systems are introduced into an organization, allowing the augmentation of internal systems with information/data in digital formats and enabling new ways of accessing institutiona...

Please report errors in award information by writing to: awardsearch@nsf.gov.

Print this page

Back to Top of page

Top