towards end-to-end privacy control in the outsourcing of marketing activities: a web service...
TRANSCRIPT
![Page 1: Towards End-to-End Privacy Control in the Outsourcing of Marketing Activities: A Web Service Integration Patrick C. K. HungDickson K.W. Chiu W.W. FungWilliam](https://reader036.vdocuments.us/reader036/viewer/2022062423/5697bfed1a28abf838cb8fe1/html5/thumbnails/1.jpg)
Towards End-to-End Privacy Control in the Outsourcing of
Marketing Activities: A Web Service Integration
Patrick C. K. Hung Dickson K.W. Chiu
W.W. Fung William K. CheungRaymond Wong Samuel P.M. ChoiEleanna Kafeza James KwokJousha C.C. Pun Vivying S.Y. Cheng
1BSIM0012
![Page 2: Towards End-to-End Privacy Control in the Outsourcing of Marketing Activities: A Web Service Integration Patrick C. K. HungDickson K.W. Chiu W.W. FungWilliam](https://reader036.vdocuments.us/reader036/viewer/2022062423/5697bfed1a28abf838cb8fe1/html5/thumbnails/2.jpg)
RECORDS MANAGEMENT
1. Introduction2. Background Information3. Towards End-to-End Privacy Control4. Conclusions and Future Works
AgendaAgenda
![Page 3: Towards End-to-End Privacy Control in the Outsourcing of Marketing Activities: A Web Service Integration Patrick C. K. HungDickson K.W. Chiu W.W. FungWilliam](https://reader036.vdocuments.us/reader036/viewer/2022062423/5697bfed1a28abf838cb8fe1/html5/thumbnails/3.jpg)
RECORDS MANAGEMENT
IntroductionIntroduction Marketing is a strategy for selling products more
efficiently.◦ sales promotion strategies for making consumers
recognize a product’s existence ◦ persuading them to take purchase actions◦ circulation strategies for efficiently delivering the desired
product◦ continuation strategies such as after-sales service and
claim processing. Outsourcing of marketing activities widely
adopted ◦ raises the concern of privacy issues.
![Page 4: Towards End-to-End Privacy Control in the Outsourcing of Marketing Activities: A Web Service Integration Patrick C. K. HungDickson K.W. Chiu W.W. FungWilliam](https://reader036.vdocuments.us/reader036/viewer/2022062423/5697bfed1a28abf838cb8fe1/html5/thumbnails/4.jpg)
RECORDS MANAGEMENT
PrivacyPrivacy Privacy is a state or condition of limited
access to a person.◦ Ref: SCHOEMAN, E. D. 1984. Philosophical Dimensions of Privacy: An
Anthology. New York, NY, Cambridge Univ. Press.
Information privacy relates to an individual’s right to determine how, when, and to what extent information about the self will be released to another person or to an organization.
![Page 5: Towards End-to-End Privacy Control in the Outsourcing of Marketing Activities: A Web Service Integration Patrick C. K. HungDickson K.W. Chiu W.W. FungWilliam](https://reader036.vdocuments.us/reader036/viewer/2022062423/5697bfed1a28abf838cb8fe1/html5/thumbnails/5.jpg)
RECORDS MANAGEMENT
Example ScenarioExample Scenario A bank performs a marketing campaign by calling
its credit card holders. Outsource the calling activity to a third-party
service provider◦ resource problems / other economic reasons
Personal information required◦ name, credit card number, gender, age group, salary
range, and even addresses activity Under current practices, all the necessary credit
card holders’ data are transferred in bulk from the bank to the marketing company.◦ large amount of personal information.
![Page 6: Towards End-to-End Privacy Control in the Outsourcing of Marketing Activities: A Web Service Integration Patrick C. K. HungDickson K.W. Chiu W.W. FungWilliam](https://reader036.vdocuments.us/reader036/viewer/2022062423/5697bfed1a28abf838cb8fe1/html5/thumbnails/6.jpg)
RECORDS MANAGEMENT
Example Process with Example Process with Web Service Solution Web Service Solution
Logon Select compaign
Dial another customer
Ask customer if interested
Tell details and pursuate customer
Bank Web service 1:get phone number
Bank Web service 2: surname, salutation
Bank Web service 3: more demographic data
Confirm transaction
Bank Web service 4: card number, perso...
Record and housekeeping
[ get through ]
[ fail ]
[ customer interested ]
[ fail ]
[ customer agree ][ fail ]
[ logout ]
[ more customer ]
![Page 7: Towards End-to-End Privacy Control in the Outsourcing of Marketing Activities: A Web Service Integration Patrick C. K. HungDickson K.W. Chiu W.W. FungWilliam](https://reader036.vdocuments.us/reader036/viewer/2022062423/5697bfed1a28abf838cb8fe1/html5/thumbnails/7.jpg)
RECORDS MANAGEMENT
What is Web ServiceWhat is Web Service
Web Services Clients
Web Server
Web Services
XML Messages/HTTP Binding
W3C definition of a Web Service◦ has a unique Uniform Resource Identifier (URI)
URI are commonly in the form of URL◦ can be defined, described, and discovered using
XML◦ supports exchange of XML messages via
Internet-based protocols◦ http://www.w3.org/2002/ws/
Supported by all major computing companies, e.g., IBM, Microsoft, Sun, and etc.
![Page 8: Towards End-to-End Privacy Control in the Outsourcing of Marketing Activities: A Web Service Integration Patrick C. K. HungDickson K.W. Chiu W.W. FungWilliam](https://reader036.vdocuments.us/reader036/viewer/2022062423/5697bfed1a28abf838cb8fe1/html5/thumbnails/8.jpg)
RECORDS MANAGEMENT
Access Control ConceptsAccess Control Concepts
Retention
Access Control
Role Based Access Control
RequestPurpose Recipient
Obligation
PermissionRetentionObligation
Input Output
![Page 9: Towards End-to-End Privacy Control in the Outsourcing of Marketing Activities: A Web Service Integration Patrick C. K. HungDickson K.W. Chiu W.W. FungWilliam](https://reader036.vdocuments.us/reader036/viewer/2022062423/5697bfed1a28abf838cb8fe1/html5/thumbnails/9.jpg)
RECORDS MANAGEMENT
Access Control LanguagesAccess Control Languages Enterprise Privacy Authorization Language
(EPAL) ◦ By IBM -
www.zurich.ibm.com/security/enterprise-privacy/◦ encode an enterprise’s privacy-related data-
handling policies and practices. ◦ An EPAL policy defines lists of hierarchies of data-
categories, data-users, and purposes, and sets of actions, obligations, and conditions.
Platform for Privacy Preferences (P3P)◦ Current W3C standard◦ http://www.w3.org/P3P/
![Page 10: Towards End-to-End Privacy Control in the Outsourcing of Marketing Activities: A Web Service Integration Patrick C. K. HungDickson K.W. Chiu W.W. FungWilliam](https://reader036.vdocuments.us/reader036/viewer/2022062423/5697bfed1a28abf838cb8fe1/html5/thumbnails/10.jpg)
RECORDS MANAGEMENT
A Layered Framework for A Layered Framework for Tackling Privacy ProtectionTackling Privacy Protection
![Page 11: Towards End-to-End Privacy Control in the Outsourcing of Marketing Activities: A Web Service Integration Patrick C. K. HungDickson K.W. Chiu W.W. FungWilliam](https://reader036.vdocuments.us/reader036/viewer/2022062423/5697bfed1a28abf838cb8fe1/html5/thumbnails/11.jpg)
RECORDS MANAGEMENT
Conceptual Model of Web-Service Conceptual Model of Web-Service Based Privacy Access ControlBased Privacy Access Control
PersonnelRole
Customer
Response Record
Marketing Process
Transactionbring
Data ViewMarketing
Task
peform
EPAL specification
authorize
+purposecontrol
Bank Web Service access
return via
call
controlspecify
![Page 12: Towards End-to-End Privacy Control in the Outsourcing of Marketing Activities: A Web Service Integration Patrick C. K. HungDickson K.W. Chiu W.W. FungWilliam](https://reader036.vdocuments.us/reader036/viewer/2022062423/5697bfed1a28abf838cb8fe1/html5/thumbnails/12.jpg)
RECORDS MANAGEMENT
Implementation Implementation ArchitectureArchitecture
Bank
MarketingCompany
Credit Card User Data
Credit Card Data Ontology
Organizational Structure Ontology
Privacy Access Control Policy
Privacy Access Control Preferences
Persons
Step 1
Step 1
Step 2
Step 2
Step 3 Step 3Step 4
Web Service
Web Service
Customer
![Page 13: Towards End-to-End Privacy Control in the Outsourcing of Marketing Activities: A Web Service Integration Patrick C. K. HungDickson K.W. Chiu W.W. FungWilliam](https://reader036.vdocuments.us/reader036/viewer/2022062423/5697bfed1a28abf838cb8fe1/html5/thumbnails/13.jpg)
RECORDS MANAGEMENT
ConclusionConclusion A layered architecture and methodology for the facilitation
of privacy control based-on Web services. A conceptual model of Web-service-based privacy access
control to facilitate the design of an implementation architecture.
Outsourced marketing companies can be integrated with adequate control and auditing.
Practicability showing how the call center software for a typical marketing activity can be integrated effectively with the banks’ Web service
Only the required part of a customer record is retrieved through the appropriate data views and sent one at a time to achieve strict end-to-end privacy.
![Page 14: Towards End-to-End Privacy Control in the Outsourcing of Marketing Activities: A Web Service Integration Patrick C. K. HungDickson K.W. Chiu W.W. FungWilliam](https://reader036.vdocuments.us/reader036/viewer/2022062423/5697bfed1a28abf838cb8fe1/html5/thumbnails/14.jpg)
RECORDS MANAGEMENT
Future WorkFuture Work Use P3P instead of EPAL Ontology: Adopt OWL vocabularies for
classifications Critical success factors Cost and technical requirements Implementation issues Extending the framework to other applicable
scenarios such as credit reference agencies.