IBM Introduces Enterprise Privacy Authorization Language (EPAL)
IBM Introduces New Language to Automate Privacy Compliance
North Carolina State University Team Develops Editor for Enterprise Privacy Authorization Language
San Francisco, CA, USA. Burton Group Catalyst Conference. July 09, 2003.
[At the Burton Group Catalyst Conference] IBM announced the first computer language to provide enterprises with a way to automate the enforcement of privacy policies among IT applications and systems.
The Enterprise Privacy Authorization Language (EPAL) is an important leap forward in privacy-enabling technology, giving developers the power to extend specific privacy rules across internal business systems then automate compliance to those rules. Current privacy specifications, such as the Platform for Privacy Preferences (P3P), which was released by the World Wide Web Consortium in April 2002, communicate privacy policies from business applications to consumer applications. EPAL goes one step further, providing an XML language that enables organizations to enforce P3P policies behind the Web, among applications and databases.
By building enforcement into enterprise applications, companies can automate tedious privacy management tasks. By automating these often laborious and complex business processes, companies can reduce costs and increase productivity.
"With EPAL, organizations finally have a sophisticated language to help automate the enforcement of the privacy policies they've put in place to protect consumer data," says Arvind Krishna, vice president of security products, Tivoli Software, IBM. "With EPAL and other privacy innovations, developers can enhance consumer trust and better demonstrate how their organizations' privacy obligations are being kept."
IBM plans to submit EPAL for standardization within the next few months. IBM plans to add EPAL support to IBM's enterprise privacy management software, IBM Tivoli Privacy Manager.
A team of students at North Carolina State University has developed the first tool to help developers leverage EPAL -- the Privacy Authoring Editor. The new tool helps companies author and edit privacy policies using EPAL while allowing for the expression of richer and more complex privacy rules than current standards allow.
The students developed the Privacy Authoring Editor as an open source project, so that as the EPAL specification evolves, other members of the open source community can update the editor to match the specification. The Privacy Authoring Editor is currently available on SourceForget.net -- a Web site for open source code and applications -- at sourceforge.net/projects/epaleditor.
EPAL is designed to make it easier for enterprises to translate their privacy policies into machine-readable descriptions of data handling procedures. For instance, EPAL lets developers express a natural language statement such as "Members of the physician group can read protected health information for the purpose of medical treatment, only if the physician is the primary care physician and the patient or the patient's family is notified in advance" in a language that applications and privacy management tools can understand.
Like other IBM privacy technologies and software, EPAL's evolution has been influenced by customer feedback. IBM's Privacy Management Advisory Council, a 25-member group that includes industry leaders such as eBay, Fidelity Investments, Marriott International and others, has evaluated the new language and offered valuable insight into industry requirements.
IBM Research and IBM Software Group jointly developed EPAL. A draft specification of the language is currently available at www.zurich.ibm.com/security/enterprise-privacy/epal.
IBM is the world's largest information technology company, with 80 years of leadership in helping businesses innovate. For more information about IBM, visit www.ibm.com.
IBM Media Relations
Tel: +1 512-286-3208
Prepared by Robin Cover for The XML Cover Pages archive. See details in the news item "IBM Releases Updated Enterprise Privacy Authorization Language (EPAL) Specification." General references in: (1) "IBM's Enterprise Privacy Authorization Language (EPAL)"; (2)