Abstract

Organizations that manage Personally Identifiable Information cannot share this information directly due to legal restrictions. Meanwhile, there are several solutions that support the anonymization of these types of data to make these available to a wider audience. For these solutions, it is important that the corresponding anonymization modules guarantee legal properties. In general, due to the scale and complexity of the software, it is difficult to prove that it does not violate these properties in some cases. This article proposes a new approach that addresses this challenge. The approach provides a software component that checks the output of an anonymization module against editable legal constraints—the Privacy-Enhancing Verification Component (PE-VC). An organization can formulate these constraints separately from the software using the new Compliance Assertion Language. Because the PE-VC is a carefully developed and verified module that can be used without modification for different anonymization modules, an auditor only needs to check the specified assertions and not the software itself. This approach ensures a much higher level of confidence in the correctness of the output of an anonymization software.
