IEEE International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (IEEE TPS 2023)
November 1, 2023
In an era where wearables, particularly those in non-hospital settings, collect and transmit sensitive personal data, it is imperative to implement stringent privacy safeguards. The National Institute of Standards and Technology (NIST) Internal Report 8228 provides regulations for securing Internet of Things (IoT) devices, data, and the privacy of individuals. We have developed a novel framework for examining the privacy policies governing the data and information utilized by wearable devices to ensure that these IoT devices work in adherence to the NIST controls. Our approach entails constructing an ontology of the pertinent NIST regulations, extracting key regulation terms, establishing clear annotation guidelines, and reasoning over the developed ontology. Our primary contribution is developing a novel method to accurately retrieve the expectations, privacy risk mitigation areas, and the associated regulations using Natural Language Processing and Semantic Web concepts. Ultimately, vendors and users can use our publicly available ontology to semi-automate the privacy compliance process for wearables, ensuring that the data collected and transmitted through the devices are secure, thereby protecting both the devices and the individuals who use them.
Downloads: 56 downloads