I just got back from IBM’s Security and Privacy Leadership conference and was thoroughly impressed at the depth of discussions. At events like this three years ago, we were talking about subjects like “is there really a difference between privacy and security?” Today, everyone is comparing notes on their Sarbanes-Oxley complaince efforts or sharing the pain of HIPAA compliance.

One of the keynote speakers mentioned in passing a project that should be on the radar screen of anyone developong privacy enhancing technologies. It’s a relatively new OASIS working group called “Legal XML“.

Their website describes the working group as follows:

LegalXML brings legal and technical experts together to create standards for the electronic exchange of legal data.

LegalXML is a member section within OASIS the not-for-profit, global consortium that drives the development, convergence and adoption of e-business standards. Members themselves set the LegalXML agenda, using the open OASIS technical process expressly designed to promote industry consensus and unite disparate efforts. LegalXML produces standards for electronic court filing, court documents, legal citations, transcripts, criminal justice intelligence systems, and others.

OASIS members participating in LegalXML include lawyers, developers, application vendors, government agencies and members of academia.

I’ve run several workshops in which we’ve analyzed privacy legislation and expressed the requirements in XML so that it can be related to access controls and, believe me, if was tough. Law writers are all about principles and (frankly) ambiguity. All too often they want to express goals and leave interpretation n how to achieve goals to the courts. On the other hand, IT people need very prcies, actionable items to follow. So bridging the gap between the legal world and IT world is no small taks.

But because privacy management is rooted in social expectations, I personally believe work efforts like Legal XML are gong to be an extremely important component of future privacy enhancing technologies.

This entry was posted by Calvin () on Tuesday, October 12th, 2004 at 9:01 am and is filed under Government Programs, Legislation. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Note: Blog posts are the opinions of their authors and do not reflect the official opinion of the National Science Foundation or North Carolina State University.