TY - JOUR
T1 - End-to-end privacy control in service outsourcing of human intensive processes
T2 - A multi-layered Web service integration approach
AU - Hung, Patrick C.K.
AU - Chiu, Dickson K.W.
AU - Fung, W. W.
AU - Cheung, William K.
AU - Wong, Raymond
AU - Choi, Samuel P.M.
AU - Kafeza, Eleanna
AU - Kwok, James
AU - Pun, Joshua C.C.
AU - Cheng, Vivying S.Y.
PY - 2007/3
Y1 - 2007/3
N2 - With the recent adoption of service outsourcing, there have been increasing general demands and concerns for privacy control, in addition to basic requirement of integration. The traditional practice of a bulk transmission of the customers' information to an external service provider is no longer adequate, especially in the finance and healthcare sectors. From our consultancy experience, application-to-application privacy protection technologies at the middleware layer alone are also inadequate to solve this problem, particularly when human service providers are heavily involved in the outsourced process. Therefore, we propose a layered architecture and a development methodology for enforcing end-to-end privacy control policies of enterprises over the export of personal information. We illustrate how Web services, augmented with updated privacy facilities such as Service Level Agreement (SLA), Platform for Privacy Preferences Project (P3P), and the P3P Preference Exchange Language (APPEL), can provide a suitable interoperation platform for service outsourcing. We further develop a conceptual model and an interaction protocol to send only the required part of a customer's record at a time. We illustrate our approach for end-to-end privacy control in service outsourcing with a tele-marketing case study and show how the software of the outsourced call center can be integrated effectively with the Web services of a bank to protect privacy.
AB - With the recent adoption of service outsourcing, there have been increasing general demands and concerns for privacy control, in addition to basic requirement of integration. The traditional practice of a bulk transmission of the customers' information to an external service provider is no longer adequate, especially in the finance and healthcare sectors. From our consultancy experience, application-to-application privacy protection technologies at the middleware layer alone are also inadequate to solve this problem, particularly when human service providers are heavily involved in the outsourced process. Therefore, we propose a layered architecture and a development methodology for enforcing end-to-end privacy control policies of enterprises over the export of personal information. We illustrate how Web services, augmented with updated privacy facilities such as Service Level Agreement (SLA), Platform for Privacy Preferences Project (P3P), and the P3P Preference Exchange Language (APPEL), can provide a suitable interoperation platform for service outsourcing. We further develop a conceptual model and an interaction protocol to send only the required part of a customer's record at a time. We illustrate our approach for end-to-end privacy control in service outsourcing with a tele-marketing case study and show how the software of the outsourced call center can be integrated effectively with the Web services of a bank to protect privacy.
KW - APPEL
KW - Layered architecture
KW - Need-to-know principle
KW - P3P
KW - Privacy policies
KW - SLA
KW - Web service integration
UR - http://www.scopus.com/inward/record.url?scp=33847709455&partnerID=8YFLogxK
U2 - 10.1007/s10796-006-9019-y
DO - 10.1007/s10796-006-9019-y
M3 - Article
AN - SCOPUS:33847709455
SN - 1387-3326
VL - 9
SP - 85
EP - 101
JO - Information Systems Frontiers
JF - Information Systems Frontiers
IS - 1
ER -
