The primary motivation behind the formulation of any privacy policy (policy in the context of this chapter refers to technical policies defined, specified and enforced within the relevant information systems) is to restrict the disclosure of the identity of an individual (in certain locations, events or transactions) because of the potential for economic, reputational or safety loss to that individual. Hence every enterprise dealing with individually identifiable information (IIF) has to have privacy protection policies and a supporting IT architecture for the specification and enforcement of those policies.
We devote a major portion of this chapter to a description of an Inference Analysis methodology based on Disjunctive Logic Programming [8.3]. This methodology was developed by the co-author of this book and is described in [8.4]. To properly identify the partial orders that may exist between privacy labels, we first develop the privacy label taxonomy in section 8.2, where we also illustrate the instantiation (customization) of this taxonomy. In section 8.3 we demonstrate a way of expressing the data dependency relationships within and between information types using inference relations. In section 8.4 we describe a method for detecting violations of privacy labeling semantics using the set of identified inference relations, together with an approach for correcting such violations either by modifying the contents of the information type, or its associated label, or both. In section 8.5 we illustrate the simple case of associating information types with privacy labels when the privacy labels are obtained directly from user preferences.
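The following is an added illustration of the three ideas the abstract names (a partially ordered label taxonomy, inference relations between information types, and detection and correction of labeling violations); it is not the book's Disjunctive Logic Programming formulation, and the label lattice, information types and inference relations below are constructed for this example, not taken from the chapter. A violation is found whenever a subject cleared to some label can combine information it is allowed to see and infer an information type whose label its clearance does not dominate; the correction shown is the "raise the label" remedy, applied to one antecedent so that the combination demands the consequent's clearance.

```python
# Constructed privacy label taxonomy (not the book's): a small lattice,
# least to most sensitive. "health" and "identity" are incomparable;
# "restricted" is their least upper bound.
ORDER_EDGES = [
    ("public", "internal"),
    ("internal", "health"),
    ("internal", "identity"),
    ("health", "restricted"),
    ("identity", "restricted"),
]
LABELS = {lab for edge in ORDER_EDGES for lab in edge}


def _closure(edges):
    """Reflexive, transitive closure of the immediate edges: the partial order."""
    le = {(lab, lab) for lab in LABELS} | set(edges)
    changed = True
    while changed:
        changed = False
        for a, b in list(le):
            for c, d in list(le):
                if b == c and (a, d) not in le:
                    le.add((a, d))
                    changed = True
    return le


LE = _closure(ORDER_EDGES)


def dominates(high, low):
    """True if `high` is at least as sensitive as `low` in the taxonomy."""
    return (low, high) in LE


def join(a, b):
    """Least upper bound of two labels (unique because the example is a lattice)."""
    ubs = [lab for lab in LABELS if dominates(lab, a) and dominates(lab, b)]
    return [u for u in ubs if all(dominates(v, u) for v in ubs)][0]


BOTTOM = [lab for lab in LABELS if all(dominates(o, lab) for o in LABELS)][0]

# Constructed information types with the labels a policy author assigned them.
TYPES = {
    "zip_code": "public",
    "birth_date": "public",
    "gender": "public",
    "diagnosis_code": "health",
    "patient_name": "identity",
    "patient_record": "restricted",
}

# Constructed inference relations: the antecedents jointly let the consequent be inferred.
RELATIONS = [
    ({"zip_code", "birth_date", "gender"}, "patient_name"),   # quasi-identifiers re-identify
    ({"patient_name", "diagnosis_code"}, "patient_record"),
]


def inferable(clearance, types=TYPES, relations=RELATIONS):
    """Everything a subject cleared to `clearance` can read directly or infer
    by repeatedly applying relations whose antecedents it already holds."""
    known = {t for t, lab in types.items() if dominates(clearance, lab)}
    changed = True
    while changed:
        changed = False
        for ante, cons in relations:
            if ante <= known and cons not in known:
                known.add(cons)
                changed = True
    return known


def violations(types=TYPES, relations=RELATIONS):
    """(clearance, info_type) pairs where the labeling semantics are violated:
    the subject can infer a type whose label its clearance does not dominate."""
    out = set()
    for clearance in LABELS:
        for t in inferable(clearance, types, relations):
            if not dominates(clearance, types[t]):
                out.add((clearance, t))
    return sorted(out)


def relabel_to_fix(types=TYPES, relations=RELATIONS):
    """Correct violations by raising labels (the other remedy the chapter names,
    altering an information type's contents, needs domain knowledge and is not
    modelled here). For each relation whose antecedent labels jointly fail to
    dominate the consequent, raise one antecedent (the already most sensitive
    one, ties broken by name) to the join with the consequent's label. Because a
    raised label can feed a later relation, iterate to a fixpoint."""
    fixed = dict(types)
    changed = True
    while changed:
        changed = False
        for ante, cons in relations:
            combined = BOTTOM
            for t in ante:
                combined = join(combined, fixed[t])
            if not dominates(combined, fixed[cons]):
                rank = lambda t: sum(1 for lab in LABELS if dominates(fixed[t], lab))
                victim = max(sorted(ante), key=rank)
                fixed[victim] = join(fixed[victim], fixed[cons])
                changed = True
    return fixed


if __name__ == "__main__":
    print("violations before:", violations())
    fixed = relabel_to_fix()
    print("relabelled:", {t: fixed[t] for t in TYPES if fixed[t] != TYPES[t]})
    print("violations after:", violations(fixed))
```

With the constructed data, a subject cleared only to "public" can combine the three quasi-identifiers to infer `patient_name`, and a subject cleared to "health" goes one step further to `patient_record`; raising `birth_date` to "identity" closes both chains, and the closure-based check in `violations` then finds nothing. The relation-local test in `relabel_to_fix` is sound for the closure check: if every relation's antecedent join dominates its consequent, induction over the inference steps shows nothing inferable at a clearance can exceed that clearance.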