Following are some of the products, services and standards that can be used to help ensure that private information stays private.
- P3P is a W3C standard that determines how a site handles personal data. P3P-enabled Web sites make this information available in a standard format readable by P3P-enabled browsers. This allows users to easily compare a site's privacy policies with their own preferences. (A paper on the future of P3P is at www.w3.org/2002/12/18-p3p-workshop-report.html.)
- The AT&T Privacy Bird is a freely downloadable tool that reads P3P privacy policies and displays them in an easy-to-understand way. The software displays a green bird icon at Web sites that match the user's privacy preferences and a red bird icon at sites that do not. (www.privacybird.com) Many browsers also have the ability to display a site's adherence to users' privacy preferences.
- EPAL (Enterprise Privacy Authorization Language) is a formal language used to specify enterprise privacy policies. Developed by IBM, it concentrates on the core privacy authorization while including details such as data model or user authentication. (www.zurich.ibm.com/security/enterprise-privacy/epal)
- XACML (Extensible Access Control Markup Language) is a newly ratified OASIS Open Standard for describing security policies in a uniform manner, suitable for algorithmic analysis of the combined effect of multiple policies affecting a single interaction as it passes through an IT chain. (xml.coverpages.org/xacml.html)
- IBM Tivoli Privacy Manager is middleware that automates many privacy compliance activities. (www-3.ibm.com/software/tivoli/products/privacy-mgr-e-bus)