Servicization of Australian Privacy Act for Improving Business Compliance

Organizations of handling personal or sensitive information have the pressure of complying with relevant privacy laws or regulations. Since the laws or regulations are always written with complex legal terms, it is not easy for information system designers to understand precisely such laws and regulations and adopt them directly in their designs. In this paper, we propose the method of formalizing the Australian Privacy Act into executable processes and the method of modeling business in a privacy-aware way. Thus, by executing the processes over the privacy-aware business models, the information system designers can easily check the compliance of their designs with the privacy laws or regulations. In addition, the executable formalization of the Privacy Act makes it more efficient for law enforcement officers to process privacy violation cases. As an example, the clauses NPP 1.3 and NPP 2.1(s) of Australia Privacy Act are formalized and executed over a retailer´s privacy-aware business model. The execution shows the same result as the investigation performed by the law enforcement officers.