Introducing IBM Tivoli Privacy Manager for e-business

Steven B. Adler
Market Manager
IBM Tivoli Security & Privacy
(516)944-2598 (office) t/l 320-8928
(516)944-2266 (fax)
(516)984-3576 (mobile)

IBM Tivoli Privacy Manager for e-business is the first enterprise privacy management software that uses P3P to enforce privacy policies and data subject consent across an enterprise. By converting privacy policies into P3P, an enterprise can define purpose specification, data classification, group and data user assignments, and data authorization conditions.

The components of Tivoli Privacy Manager take advantage of P3P to provide the following functions:

* POLICY EDITOR: An advanced P3P interface that creates machine-readable privacy policies from written privacy policies. The Policy Editor helps privacy officers, legal counsel, and IT staff work together to build privacy rules that integrate policy into practices. The interface is easy to use and the process is quick and efficient.

* POLICY DEPLOYMENT: Link privacy policies to personal information by creating data types, and then linking data types to users, groups, storage locations and application requests. You can create information sharing preferences within your P3P policy, notify data owners of their options, and record their consent.

With Tivoli Privacy Manager for e-business you can create an infrastructure that lets you "outsource" the maintenance of individual privacy preferences to your end users. The software makes it easy for end users to opt in or opt out of the company's policies governing the use of personal information. The software automatically records the user's consent, helping organizations comply with privacy regulations and to provide an auditable record of privacy practices.

* REPORT GENERATOR: Generate enterprise-wide reports, showing policies deployed, enforcement locations, and audit trails detailing personal information management according to privacy policies. The Report Facility can also be used to generate individual reports showing how one person's data has been used by the enterprise.

Tivoli Privacy Manager for e-business v1.1 is the first program available that provides organizations with detailed audit logs of IT transactions based on privacy policies. The audit reports provide a detailed history of policy deployment, notification of policy terms, consent to policy, preferences articulated, and every transaction made according to the policy. These reports can be stored in a DB2 database. They can be accessed online to provide immediate access to the usage history for personal information - whether to comply with internal audits and regulatory reviews, or to respond to a data owner's request.

* ADMINISTRATION CONSOLE: From one central console, you can manage and adjust the operating parameters of Privacy Manager on an enterprise basis. The administration console provides management across the enterprise, giving you complete control over policies, storage locations, audit logs, preferences and consent. You can use the console to update and journal privacy policies, enable and disable monitors, and archive audit logs.

* PRIVACY MANAGER MONITOR SOFTWARE DEVELOPMENT KIT (SDK): The SDK contains a Java library that allows you to develop Privacy Manager Monitors for applications, middleware data repositories, and other systems that persistently store privacy-sensitive information. This is a free development kit that can be used to extend the functionality of Privacy Manager.

* LDAP MONITOR: A "reverse LDAP proxy" that can monitor LDAP V3 message flows between an LDAP client application and an LDAP server, as well as enforce the privacy policy on any clients attempting to access privacy-sensitive resources on the LDAP directory. This is being offered as a reference implementation of the Monitor SDK to demonstrate how monitors are developed and deployed.

A comprehensive approach to preference management

IBM Tivoli Privacy Manager for e-business is the first enterprise privacy management solution that automates privacy policy enforcement and monitoring. Its advanced features allow enterprises to keep accurate historical logs of every transaction according to specific privacy policies. In addition, the Privacy Manager SDK gives organizations the power to develop additional functionality to meet growing enterprise information needs.

IBM Tivoli Privacy Manager for e-business v1.1 was developed in partnership with the 20 companies belonging to IBM's Privacy Management Advisory Council, and was made shipped on August 30, 2002.