The Framework will serve as the basis for developing products and services that support current and evolving privacy regulations and business policies in domestic and international arenas.
The ISTPA Privacy Framework is an open, policy-neutral model consisting of 10 integrated privacy services and capabilities, which ensure that personal information is processed in accordance with established agreements. The Framework also can be used to guide the integration of security technologies in support of privacy by corporations, government agencies, regulators and information managers who need to evaluate privacy policies for completeness, add privacy features to existing technology or identify missing pieces of existing privacy technology.
The ISTPA will collaborate with researchers at Carnegie Mellon University's School of Computer Science to enhance the Framework and to develop a Digital Privacy Handbook, which will serve as an authoritative, on-line research reference for privacy management, which is becoming a recognized scientific field.
"We're collaborating with Carnegie Mellon to leverage its multidisciplinary expertise in policy, computer science, business and software engineering while assuring a neutral, independent and unbiased approach to this critical, highly contested and politically charged domain," said ISTPA Executive Director Kevin O'Neil. "If the Privacy Framework is to be successful, it must remain a collaborative effort built with careful attention to the competing values, diverse issues and complex technologies that our global information society and digital economy struggle to integrate and resolve."
"Executives responsible for implementing a privacy policy face the challenge of converting lofty principles into cost-effective operations," said Carnegie Mellon computer scientist Robert Thibadeau, who co-chairs the ISTPA Framework Working Group. "Lawmakers drafting privacy legislation need to understand what is technically feasible and what is manageable in terms of regulatory enforcement. IT managers need to understand how to develop appropriate technical architectures and select tools that will meet business policy and process requirements. The Digital Privacy Handbook project is essential to those wrestling with these challenges."
"Wave Systems has actively contributed to the development of the ISTPA Privacy Framework, because we felt that such a product blueprint was critical to the comprehensive management of consumer privacy," said Steven Sprague, president and CEO of Wave Systems, a founding member of the ISTPA. "Empowering consumers to be in control of their personal information will enhance trust and confidence in Web-based services and is in line with Wave's theme of "Trust @ the Edge," Sprague said.
"The introduction of the ISTPA Privacy Framework represents a significant milestone in the development of integrated, IT-based solutions for information privacy and security," added Simon Perry, Computer Associates vice president of eTrust solutions. "We believe that users of our eTrust security solutions will find both the ISTPA Framework and Carnegie Mellon University's proposed Digital Privacy Handbook extremely useful as they develop and implement their corporate privacy policies."
"The Privacy Framework represents groundbreaking work," said ISTPA President John Sabo. "We are pleased that our member companies can contribute the Framework as a catalyst for what we believe will be a growing, formal body of technical work to advance the state of information privacy." "The security and reliability of our networked information systems is emerging as one of the greatest challenges facing us in the twenty first century," said Jeffrey Hunker, Dean of Carnegie Mellon's H. John Heinz III School of Public Policy and Management. "Carnegie Mellon is at the forefront in developing solutions that integrate public policy with technology. This Framework is an important contribution to our role in helping to solve this problem."
About ISTPA
The International Security, Trust, and Privacy Alliance (ISTPA), founded in 1999, is a global alliance of 30 companies, institutions and technology providers working together to clarify and resolve existing and evolving issues related to security, trust, and privacy. The ISTPA's focus is on the protection of personal information. It is comprised of four working groups: Privacy Framework, Privacy Tools and Technology Research, Legal & Regulatory Research and Outreach. Additional organizations are welcome to join the Framework Working Group and advance the vital follow-on work suggested by the Privacy Framework 1.0 document. Membership information and the Framework can be found at www.istpa.org. To request a copy of the Framework, send e-mail to director@istpa.org. ISTPA has 30 members, including Advanced Micro Devices, BITS, Carnegie Mellon University, Computer Associates, CYVA Research, EWA IIT, Gemplus, GSR Strategic Consulting, Intel, Motorola, NCR, OneName, Vanguard Integrity Professionals and Wave Systems.