A Provenance-Based Compliance Framework

Aldeco-Pérez, Rocío; Moreau, Luc

doi:10.1007/978-3-642-15877-3_14

Cited by 8 publications

(5 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the realm of data classification and grading, scholars typically commence their endeavors by establishing policies to ensure data compliance, which serves as a foundational step in constructing programs and frameworks for data classification and grading. For instance, Aldeco-Perez et al introduced a compliance analysis framework based on data source and data usage, aligned with the UK Data Protection Act [24,25]. Their approach focuses on averting the misuse of personal sensitive data and evaluating the propriety of its utilization.…”

Section: Data Classification and Grading Frameworkmentioning

confidence: 99%

UP-SDCG: A Method of Sensitive Data Classification for Collaborative Edge Computing in Financial Cloud Environment

Zu,

Qi,

et al. 2024

Future Internet

View full text Add to dashboard Cite

The digital transformation of banks has led to a paradigm shift, promoting the open sharing of data and services with third-party providers through APIs, SDKs, and other technological means. While data sharing brings personalized, convenient, and enriched services to users, it also introduces security risks, including sensitive data leakage and misuse, highlighting the importance of data classification and grading as the foundational pillar of security. This paper presents a cloud-edge collaborative banking data open application scenario, focusing on the critical need for an accurate and automated sensitive data classification and categorization method. The regulatory outpost module addresses this requirement, aiming to enhance the precision and efficiency of data classification. Firstly, regulatory policies impose strict requirements concerning data protection. Secondly, the sheer volume of business and the complexity of the work situation make it impractical to rely on manual experts, as they incur high labor costs and are unable to guarantee significant accuracy. Therefore, we propose a scheme UP-SDCG for automatically classifying and grading financially sensitive structured data. We developed a financial data hierarchical classification library. Additionally, we employed library augmentation technology and implemented a synonym discrimination model. We conducted an experimental analysis using simulation datasets, where UP-SDCG achieved precision surpassing 95%, outperforming the other three comparison models. Moreover, we performed real-world testing in financial institutions, achieving good detection results in customer data, supervision, and additional in personally sensitive information, aligning with application goals. Our ongoing work will extend the model’s capabilities to encompass unstructured data classification and grading, broadening the scope of application.

show abstract

Section: Data Classification and Grading Frameworkmentioning

confidence: 99%

UP-SDCG: A Method of Sensitive Data Classification for Collaborative Edge Computing in Financial Cloud Environment

Zu,

Qi,

et al. 2024

Future Internet

View full text Add to dashboard Cite

show abstract

“…Towards such a mapping, provenance mechanisms show real potential [38,23,30,20,39]. Provenance concerns capturing information describing data: it can involve recording the data's lineage, including where it came from, where it moves to, and the associated dependencies, contexts (e.g.…”

Section: Technical Mechanisms For Supporting Reviewabilitymentioning

confidence: 99%

“…Provenance is an active area of research [41], and is commonly applied in a research context to assist in reproducibility by recording the data, workflows and computation of scientific processes [41,42]. The potential for provenance to assist compliance with specific information management (compliance) obligations has previously been considered [38,30,39,20,23], though these often focus on a particular technical aspect, be it representation or capture. However, the use of data provenance methods for general systems-related accountability concerns represents an emerging area warranting further consideration.…”

Section: Decision Provenance: Exposing the Decision Pipelinesmentioning

confidence: 99%

Towards an accountable Internet of Things: A call for reviewability

Norval¹,

Cobbe²,

Singh³

2021

Preprint

View full text Add to dashboard Cite

As the IoT becomes increasingly ubiquitous, concerns are being raised about how IoT systems are being built and deployed. Connected devices will generate vast quantities of data, which drive algorithmic systems and result in real-world consequences. Things will go wrong, and when they do, how do we identify what happened, why they happened, and who is responsible? Given the complexity of such systems, where do we even begin?This chapter outlines aspects of accountability as they relate to IoT, in the context of the increasingly interconnected and data-driven nature of such systems. Specifically, we argue the urgent need for mechanisms-legal, technical, and organisationalthat facilitate the review of IoT systems. Such mechanisms work to support accountability, by enabling the relevant stakeholders to better understand, assess, interrogate and challenge the connected environments that increasingly pervade our world.

show abstract

“…Provenance is an active area of research [25], and is commonly applied in a research context to assist in reproducibility by recording the data, workflows and computation of scientific processes [25], [26]. The potential for provenance to assist compliance with specific information management obligations has previously been considered (often focusing on a particular technical aspect, be it representation or capture) [22], [23], [27]- [29]. However, the use of data provenance methods generally for systems-related accountability concerns, as detailed above, has yet to be considered in depth.…”

Section: Decision Provenance: Exposing the Decision Pipelinementioning

confidence: 99%

“…21 Though, as mentioned, provenance has been considered for some specific compliance aspects (see for e.g. [22], [23], [27]- [29]), the broader accountability considerations have yet to be explored in depth. In terms of decision provenance operating between systems and across boundaries, many of the open challenges predominately stem from the scale, federation, and complexity of what are effectively wide-scale distributed systems that can encompass a range of technologies, and also a number of organisations with different and possibly competing incentives.…”

Section: Using the Decision Pipeline: Points For Investigationmentioning

confidence: 99%

Decision Provenance: Harnessing Data Flow for Accountable Systems

2019

View full text Add to dashboard Cite

Demand is growing for more accountability regarding the technological systems that increasingly occupy our world. However, the complexity of many of these systems -often systems-of-systems -poses accountability challenges. A key reason for this is because the details and nature of the information flows that interconnect and drive systems, which often occur across technical and organisational boundaries, tend to be invisible or opaque. This paper argues that data provenance methods show much promise as a technical means for increasing the transparency of these interconnected systems. Specifically, given the concerns regarding ever-increasing levels of automated and algorithmic decision-making, and so-called 'algorithmic systems' in general, we propose decision provenance as a concept showing much promise. Decision provenance entails using provenance methods to provide information exposing decision pipelines: chains of inputs to, the nature of, and the flow-on effects from the decisions and actions taken (at design and run-time) throughout systems. This paper introduces the concept of decision provenance, and takes an interdisciplinary (tech-legal) exploration into its potential for assisting accountability in algorithmic systems. We argue that decision provenance can help facilitate oversight, audit, compliance, risk mitigation, and user empowerment, and we also indicate the implementation considerations and areas for research necessary for realising its vision. More generally, we make the case that considerations of data flow, and systems more broadly, are important to discussions of accountability, and complement the considerable attention already given to algorithmic specifics.

show abstract

A Provenance-Based Compliance Framework

Cited by 8 publications

References 13 publications

UP-SDCG: A Method of Sensitive Data Classification for Collaborative Edge Computing in Financial Cloud Environment

UP-SDCG: A Method of Sensitive Data Classification for Collaborative Edge Computing in Financial Cloud Environment

Towards an accountable Internet of Things: A call for reviewability

Decision Provenance: Harnessing Data Flow for Accountable Systems

Contact Info

Product

Resources

About