Measuring Semantic Similarity across EU GDPR Regulation and Cloud Privacy Policies

Elluri, Lavanya; Joshi, Karuna Pande; Kotal, Anantaa

doi:10.1109/bigdata50022.2020.9377864

Cited by 12 publications

(9 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Along with HIPAA key terms, the semantic similarity between the organizational privacy policy and HIPAA regulation is indicative of compliance ( Elluri et al, 2020 ). In our framework, we evaluated the semantic similarity between organizational privacy policies and HIPAA regulation.…”

Section: Framework To Securely Access Covid-19 Datamentioning

confidence: 99%

A Policy-Driven Approach to Secure Extraction of COVID-19 Data From Research Papers

et al. 2021

Self Cite

View full text Add to dashboard Cite

The entire scientific and academic community has been mobilized to gain a better understanding of the COVID-19 disease and its impact on humanity. Most research related to COVID-19 needs to analyze large amounts of data in very little time. This urgency has made Big Data Analysis, and related questions around the privacy and security of the data, an extremely important part of research in the COVID-19 era. The White House OSTP has, for example, released a large dataset of papers related to COVID research from which the research community can extract knowledge and information. We show an example system with a machine learning-based knowledge extractor which draws out key medical information from COVID-19 related academic research papers. We represent this knowledge in a Knowledge Graph that uses the Unified Medical Language System (UMLS). However, publicly available studies rely on dataset that might have sensitive data. Extracting information from academic papers can potentially leak sensitive data, and protecting the security and privacy of this data is equally important. In this paper, we address the key challenges around the privacy and security of such information extraction and analysis systems. Policy regulations like HIPAA have updated the guidelines to access data, specifically, data related to COVID-19, securely. In the US, healthcare providers must also comply with the Office of Civil Rights (OCR) rules to protect data integrity in matters like plasma donation, media access to health care data, telehealth communications, etc. Privacy policies are typically short and unstructured HTML or PDF documents. We have created a framework to extract relevant knowledge from the health centers’ policy documents and also represent these as a knowledge graph. Our framework helps to understand the extent to which individual provider policies comply with regulations and define access control policies that enforce the regulation rules on data in the knowledge graph extracted from COVID-related papers. Along with being compliant, privacy policies must also be transparent and easily understood by the clients. We analyze the relative readability of healthcare privacy policies and discuss the impact. In this paper, we develop a framework for access control decisions that uses policy compliance information to securely retrieve COVID data. We show how policy compliance information can be used to restrict access to COVID-19 data and information extracted from research papers.

show abstract

Section: Framework To Securely Access Covid-19 Datamentioning

confidence: 99%

A Policy-Driven Approach to Secure Extraction of COVID-19 Data From Research Papers

et al. 2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…Now that in mobile wallets, payment can also be made through a debit card; hence, the EFTA act applies to mobile wallets too. Some of the key obligations for this act is that the rule establishes the consumer rights to several disclosures and error resolution procedures for unauthorized or otherwise erroneous transactions [15]. The disclosures include upfront disclosures regarding, among other things, the terms and conditions of the EFT service and how error resolution procedures will work.…”

Section: A Electronic Fund Transfer Act/regulationmentioning

confidence: 99%

“…TILA is meant to apply to creditors that offer credit products such as credit cards but may apply to mobile payment systems when mobile payment is funded by a credit card or other TILA covered credit account. It applies to mobile wallets compliance policy when the underlying payment source is a credit card (or other credit account covered by TILA and Regulation Z) [15]. Some of the key obligations that are part of the TILA act are that the Creditors or any organizations are required to provide disclosures to consumers describing costs, including interest rate, billing rights, and dispute procedures.…”

Section: A Electronic Fund Transfer Act/regulationmentioning

confidence: 99%

“…2) Deontic Expressions: Modal logic is considered as a broad term that is used to cover various other forms of logic, such as temporal logic and deontic logic [8] [19] [15]. Deontic logic further consists of four types of modalities that helps in classifying statement rules as Permissions, Obligations, Dispensations, or Prohibitions.…”

Section: B Data Prepossessingmentioning

confidence: 99%

See 1 more Smart Citation

Automated Compliance of Mobile Wallet Payments for Cloud Services

Nagar

Elluri

Joshi

2021

2021 7th IEEE Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Sma

Self Cite

View full text Add to dashboard Cite

Mobile payments are on the rise, and as their popularity is emerging, providers must adhere to security regulations to ensure consumer confidence. There is currently no single regulation specific to mobile wallets, so existing banking transactions are used to secure mobile payment transactions. These financial regulations are large textual documents and require significant manual effort to comprehend and ensure compliance adherence. Thus, it is difficult for both the consumers and providers to understand which specific rules in these regulations apply to their mobile wallet transactions. We have created an integrated knowledge representation of the four main banking regulations that apply to mobile payment Electronic Funds Transfer Act (EFTA), Truth in Lending Act (TILA), Gramm-Leach-Bliley Act (GLBA), and Payment Card Industry Data Security Standards (PCI-DSS). In this paper, we present our framework in detail along with the qualitative and quantitative measures that were used to validate the design against the policies of six major vendors that deal with mobile payments. Our integrated mobile payment knowledge graph, which is available in the public domain, can be used by practitioners to automate mobile wallet transaction compliance in their organization.

show abstract

“…Most of the semantically similar key terms associated with regulation must be referred in an organization's privacy policy. Therefore, the occurrence of these terms or words associated with them is a significant indication of an organization policy's agreement with the HIPAA regulations [22]. We assessed the occurrence of HIPAA key terms and associated terms in a privacy policy document.…”

Section: A Knowledge Graphmentioning

confidence: 99%