text-only page produced automatically by Usablenet Assistive Skip all navigation and go to page content Skip top navigation and go to directorate navigation Skip top navigation and go to page navigation
National Science Foundation
design element
Search Awards
Recent Awards
Presidential and Honorary Awards
About Awards
Grant Policy Manual
Grant General Conditions
Cooperative Agreement Conditions
Special Conditions
Federal Demonstration Partnership
Policy Office Website

Award Abstract #0831178

Collaborative Research: CT-M: Privacy, compliance and information risk in complex organizational processes

Division of Computer and Network Systems
divider line
Initial Amendment Date: August 15, 2008
divider line
Latest Amendment Date: July 14, 2011
divider line
Award Number: 0831178
divider line
Award Instrument: Continuing grant
divider line
Program Manager: Jeremy Epstein
CNS Division of Computer and Network Systems
CSE Directorate for Computer & Information Science & Engineering
divider line
Start Date: September 1, 2008
divider line
End Date: August 31, 2012 (Estimated)
divider line
Awarded Amount to Date: $250,000.00
divider line
Investigator(s): Anupam Datta danupam@andrew.cmu.edu (Principal Investigator)
divider line
Sponsor: Carnegie-Mellon University
5000 Forbes Avenue
PITTSBURGH, PA 15213-3815 (412)268-9527
divider line
NSF Program(s): CYBER TRUST,
divider line
Program Reference Code(s): 9218, HPCC
divider line
Program Element Code(s): 7371, 7795


Modern organizations, such as businesses, non-profits, government

agencies, and universities, collect and use personal information from

a range of sources, shared with specific expectations about how it

will be managed and used. Accordingly, they must find ways to comply

with expectations, which may be complex and varied, as well as with

relevant privacy laws and regulations, while they minimize

operational risk and carry out core functions of the organization

efficiently and effectively. Designing organizational processes to

manage personal information is one of the greatest challenges facing

organizations (see, e.g. a recent survey by Deloitte and the Ponemon

Institute [TI07]), with far-reaching implications for every

individual whose personal information is available to modern

organizations, i.e. all of us.

This project responds to these challenges by developing methods,

algorithms and prototype tools for integrating privacy, compliance,

and risk evaluation into complex organizational processes. It

explores, articulates and characterizes formally the scope and nature

of privacy-expectations of stakeholders as well as those of key

regulations, such as HIPAA, GLBA, COPPA, BASEL 2, and Sarbanes-Oxley

(SOX). It incorporates the diverse perspectives and areas of

expertise of its multidisciplinary research team, which includes

three computer scientists, one philosopher, and collaborating

researchers from IBM. This industry connection facilitates

interaction with product teams that have served complex organizations

concerned with business process integrity, information security,

privacy, and information risk management. The research builds on

"contextual integrity" (a philosophical account of privacy) as well

as language and risk-based methods for privacy policy specification

and enforcement. Extensive training and educational opportunities are

provided to undergraduate and graduate students and research results

integrated into courses at CMU, NYU, Stanford, and UPenn.


Michael Tschantz, Anupam Datta, Dilsun Kaynar. "Differential Privacy for Probabilistic Systems", 09/01/2008-08/31/2009,  2009, "Carnegie Mellon CyLab Technical Report No. CMU-CyLab-09-008, May 2009".

Michael Tschantz, Anupam Datta, Dilsun Kaynar. "Differential Privacy for Probabilistic Systems", 09/01/2009-08/31/2010,  2009, "Carnegie Mellon CyLab Technical Report No. CMU-CyLab-09-008, May 2009".

Michael Tschantz, Dilsun Kaynar, Anupam Datta. "Formal Verification of Differential Privacy for Interactive
Systems", 09/01/2010-08/31/2011, "Proceedings of the 27th Annual Conference on Mathematical
Foundations of Programming Semantics"
,  2011, "Electronic Notes in Theoretical Computer Science".

H. DeYoung, D. Garg, L. Jia, D.
Kaynar, A. Datta. "Experiences in the Logical
Specification of the HIPAA and
GLBA Privacy Laws", 09/01/2010-08/31/2011, "Proceedings of 9th ACM Workshop
on Privacy in the Electronic
,  2010, "ACM Press".

J. Blocki, N. Christin, A.
Datta, A. Sinha. "Regret Minimizing Audits: A
Learning-Theoretic Basis for
Privacy Protection", 09/01/2010-08/31/2011, "Proceedings of 24th IEEE Computer Security Foundations
,  2011, "IEEE Press".


Please report errors in award information by writing to: awardsearch@nsf.gov.



Print this page
Back to Top of page
Research.gov  |  USA.gov  |  National Science Board  |  Recovery Act  |  Budget and Performance  |  Annual Financial Report
Web Policies and Important Links  |  Privacy  |  FOIA  |  NO FEAR Act  |  Inspector General  |  Webmaster Contact  |  Site Map
National Science Foundation Logo
The National Science Foundation, 4201 Wilson Boulevard, Arlington, Virginia 22230, USA
Tel: (703) 292-5111, FIRS: (800) 877-8339 | TDD: (800) 281-8749
  Text Only Version