New Microsoft privacy framework lets lawyers, developers and their code speak the same language

Microsoft Research has developed a new framework for automatically figuring out which lines of code inside massive systems might conflict with corporate privacy policies.

It’s an important goal in today’s technology world where ever-present threats of data breaches and lawsuits, as well as the specter of looming government regulation, have smart companies preparing for whatever might come their way. The really novel thing about Microsoft’s framework is that it was designed to bring together teams of personnel that might never interact directly otherwise, so that the compliance process is faster and less prone to errors.

The system involves a high-level language called Legalease, which lets lawyers and policy employees encode corporate privacy policies into a machine-readable format, and a tool called Grok that inventories big data systems and checks them against those policies. “Ultimately, the truth about what’s happening with this data is in the code,” researcher Saikat Guha explained.

But with millions of lines of code (a fair amount of which changes daily) in a product such as Bing -- on which the Microsoft Research project was prototyped -- it can be difficult to figure out what data is being stored where, how it’s being used as part of any given job and whether that usage complies with privacy rules.

Guha and his team hope, though, that the new framework will speed up the process and make it more accurate by letting all of these steps occur in parallel.

