Use Case: Formal Specification of US Privacy Act of 1974 in OWL-DL
Government transparency and citizen participation in a 21st-century democracy imply adhering to the laws that protect personally identifiable information (PII). Among other laws, the U.S. Privacy Act of 1974 defines the requirements for the collection, use, disclosure and maintenance of PII in systems of record by Federal agencies. Today, privacy laws are written in natural language and requests for PII are administered by privacy officers. Despite the best of intentions, many believe that today's approach to administering requests for PII lacks the accuracy, transparency and accountability required to ensure public confidence. In the networked world of tomorrow, public confidence implies the high degree of accuracy, transparency and accountability that can only be provided by an auditable, decentralized, semi-automated system in which decisions and the reasons to disclose PII are both validated and recorded.
Federal agencies subject to the U.S. Privacy Act of 1974; Legislative, Executive and Judicial branches of the U.S. Government; and individuals whose personally identifiable information is maintained in Federal systems of record.
Formal specification of the U.S. Privacy Act of 1974 is an essential step in validating decisions and the reasons to disclose PII by Federal agencies. By encoding the law in a formal language, a privacy officer can be informed by an automated agent as to whether the disclosure request meets the requirements of the law. Because the language in which the law is encoded is formal, the agent's reasoning can be both sound and complete. When the PII is disclosed, the automated agent records the decision as well as the reasons for the disclosure. The decision and reasons, often called information provenance, are available later for audit. The US Privacy Act of 1974 Ontology in OWL-DL is one such specification, and OWL-DL is a W3C recommendation that can satisfy near-term goals in producing an automated agent with the Pellet open source description logic reasoner. Together, the ontology and the reasoner function as the automated agent, which may also be understood as a policy enforcement point. Longer term, system of record notices (SORNs) in the Federal Register will require encoding in a controlled natural language based in the privacy domain. Additionally, capabilities derived from a data purpose algebra will form the foundation for an enhanced approach. This enhanced approach will extend today's approach, which is based on preventing disclosure, to determining accountability for the use of PII after it has been disclosed. For more on this enhanced approach, see Information Accountability.
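The decide-and-record behaviour described above, as an added example that is not part of the original page or of the US Privacy Act of 1974 Ontology: a Python decision point that permits a disclosure only when an encoded condition matches, and appends the decision and its reasons to an audit trail. It uses plain predicates rather than OWL-DL and Pellet; the rule set is a constructed simplification of a few 5 U.S.C. 552a(b) conditions, and the request field names, identifiers and sample requests are hypothetical.

```python
import json
from datetime import datetime, timezone

# Constructed simplification of a few disclosure conditions in 5 U.S.C. 552a(b).
# Each rule: (citation, basis recorded in the audit trail, predicate on the request).
# Request field names are hypothetical.
RULES = [
    ("552a(b) consent", "prior written consent of the individual",
     lambda r: r.get("written_consent") is True),
    ("552a(b)(1)", "agency employee who needs the record to perform their duties",
     lambda r: r.get("recipient_role") == "agency_employee" and r.get("need_to_know") is True),
    ("552a(b)(3)", "routine use published in the system of record notice",
     lambda r: r.get("purpose") in r.get("sorn_routine_uses", ())),
    ("552a(b)(11)", "order of a court of competent jurisdiction",
     lambda r: r.get("court_order") is True),
]

def decide(request, audit_log):
    """Default-deny decision; every outcome is appended to audit_log with its reasons."""
    reasons = [{"rule": cite, "basis": basis}
               for cite, basis, matches in RULES if matches(request)]
    record = {
        "request_id": request["request_id"],
        "system_of_record": request["system_of_record"],
        "recipient": request["recipient"],
        "decision": "permit" if reasons else "deny",
        "reasons": reasons,
        "decided_at": datetime.now(timezone.utc).isoformat(),
    }
    audit_log.append(record)
    return record

def sample_run():
    """Constructed requests: one covered by a routine use, one with no basis."""
    log = []
    decide({"request_id": "R-1", "system_of_record": "EXAMPLE-SOR-01",
            "recipient": "payroll-processor", "purpose": "payroll",
            "sorn_routine_uses": ["payroll", "benefits"]}, log)
    decide({"request_id": "R-2", "system_of_record": "EXAMPLE-SOR-01",
            "recipient": "marketing-vendor", "purpose": "marketing",
            "sorn_routine_uses": ["payroll", "benefits"]}, log)
    return log

if __name__ == "__main__":
    print(json.dumps(sample_run(), indent=2))
```

Denials are logged along with permits, so an auditor can see which requests were refused and that no encoded condition supported them.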
Identified problems or limitations
SORNs in the Federal Register would need encoding in a controlled natural language.