Automated Expansion of Privacy Data Taxonomy for Compliant Data Breach Notification
Yue Qin
Network and Distributed System Security (NDSS) Symposium 2025 · Day 2 · Privacy & Anonymity
This article delves into the research presented by Yue Qin at the NDSS Symposium, focusing on an innovative approach to overcome a persistent challenge in privacy compliance: the significant gap between legal professionals' broad interpretations of data and technical practitioners' specific data handling practices. The talk introduces **GRASP (Granularity-Aware Hypernym Prediction)**, an automated method designed to construct and expand privacy data taxonomies, and **Tracy**, a practical tool that integrates GRASP to assist privacy professionals in compliant data breach notification.
AI review
Legitimate academic research solving a real pain point — the legal-technical semantic gap in breach notification — with a purpose-built NLP method (GRASP) that demonstrably beats baselines including a fine-tuned LLM. Solid NDSS-tier systems paper, but it's a narrow compliance automation tool with incremental ML novelty, not something that redraws the threat landscape or teaches a practitioner a new attack surface.