PRINDA: Architecture and design of non-disclosure agreements in privacy policy framework

Non-disclosure agreements (NDAs) in real life are typically used whenever there is transfer of private or confidential information from one organization to another. The provider organization cannot have any control over privacy mechanisms of the receiving organization. The privacy policy work so far has addressed itself for preventing privacy violations within an organization. We aim to give an architecture of PRINDA (PRIvacy NDA) system which incorporates NDA's in privacy policy framework. Advantages of PRINDA system will be the following: (i) as there can be traces of malicious activity (invasion of privacy) either at provider-end or at recipient-end, if detected/reported, NDA can help to fix the responsibility to the organization violating the agreement, and will strengthen control in the privacy arena and (ii) owner of data can be provided with detailed description of accesses to the data from every organization to which the data has been transferred (strengthening the principle of compliance). (c) 2007 Elsevier B.V. All rights reserved.