Privacy is the right of individuals to determine when personal
information can be collected and how it should be used, based on individual consent.
Unlike security, which revolves around the authorization of users, privacy
addresses data management issues related to users who have already been given
access to the system. Corporations need to handle this private information in
compliance with privacy regulation as well as business requirements.
Currently, many companies find it difficult to manage the wide-ranging purposes
for accessing information by individuals or organizations with different access
rights. At the present time, there is no competing technology for privacy policy
enforcement that is efficient and comprehensive.
IBM is positioned to have a truly groundbreaking and extensible solution by
jointly leveraging Tivoli Privacy Manager and the Hippocratic database solution.
Preserving privacy is the major tenet of future database systems. The Hippocratic
database is built upon ten principles to protect and manage private information
that resides in the databases.
1. Purpose specification. For personal information stored in the database, the
purpose for which the information has been collected should be associated with
that information.
2. Consent. The purpose associated with personal information should have the
consent of the donor of the personal information.
3. Limited collection. The personal information collected should be limited to
the minimum necessary for accomplishing the specified purposes.
4. Limited use. The database should run only those queries that are consistent
with the purposes for which the information has been collected.
5. Limited disclosure. Personal information stored in the database should not
be communicated outside the database for purposes other than those for which
there is consent from the donor of the information.
6. Limited retention. Personal information should be retained only as long as
necessary for the fulfillment of the purposes for which it has been collected.
7. Accuracy. Personal information stored in the database should be accurate and
up-to-date.
8. Safety. Personal information should be protected by security safeguards
against theft and other misappropriations.
9. Openness. A donor should be able to access all information about him or her
stored in the database.
10. Compliance. A donor should be able to verify compliance with the above
principles. Similarly, the database should be able to address a challenge
concerning compliance.
Privacy is the right of individuals to determine for themselves when, how and
to what extent information about them is communicated to others.
Our system provides value to IBM customers who are under the jurisdiction of
regulations such as HIPAA, the Gramm-Leach-Bliley (GLB) Act, the Japanese Privacy
Act, and the Australian Privacy Act. Section 6801 of the GLB Act reads: "It is
the policy of the Congress that each financial institution has an affirmative
and continuing obligation to respect the privacy of its customers and to protect
the security and confidentiality of those customers' nonpublic personal information."
HIPAA states that those who maintain or transmit "health information shall
maintain reasonable and appropriate administrative, technical, and physical
safeguards
- to ensure the integrity and confidentiality of the information;
- to protect against any reasonably anticipated
  - threats or hazards to the security or integrity of the information; and
  - unauthorized uses or disclosures of the information; and
- otherwise to ensure compliance with this part by the officers
and employees of such person."
To address the problem of privacy, we propose a database architecture that
supports the automatic enforcement of privacy policies. Our architecture involves
three main components. First, we allow a company to specify its privacy policy
using a privacy language called EPAL.
Second, we allow users to define their specific preferences for information
access and usage. The information collection module checks the company's privacy
policy against users' preferences.
Finally, we provide secure querying capabilities that enforce corporate privacy
policies and users' preferences. Unlike existing methods, our architecture does
not require customization of a company's existing applications. This results
in easier installation and minimizes customization, overhead, and maintenance
costs.
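As an added illustration of the limited-use, limited-disclosure and compliance principles and of the query-enforcement component described above (example code, not IBM's or the Hippocratic database's own implementation), the following assumes a company policy expressed as a plain purpose-to-attribute mapping standing in for an EPAL policy, with constructed donor records and consent choices:

```python
"""Purpose- and consent-based query enforcement, Hippocratic-database style.
Constructed example: POLICY stands in for a parsed EPAL policy (hypothetical),
each donor record carries the purposes the donor consented to, and every query
is checked against the policy and then filtered to consenting donors only."""
from dataclasses import dataclass, field

# Hypothetical company privacy policy: purpose -> attributes that purpose may read
POLICY = {
    "order-fulfillment": {"name", "address"},
    "marketing": {"name", "email"},
}

@dataclass
class Record:
    name: str
    address: str
    email: str
    consented_purposes: set = field(default_factory=set)

# Constructed sample data; Bob declined the marketing purpose
DB = [
    Record("alice", "1 Main St", "alice@example.org", {"order-fulfillment", "marketing"}),
    Record("bob", "2 Elm St", "bob@example.org", {"order-fulfillment"}),
]

# Audit trail supporting the compliance principle: what was asked, for what purpose
AUDIT_LOG = []

class PurposeViolation(Exception):
    """Raised when a query is inconsistent with the stated purpose (limited use)."""

def query(attrs, purpose, db=DB, policy=POLICY):
    """Return rows projected to attrs, only for donors who consented to purpose.
    Disallowed attributes are rejected outright; non-consenting donors' rows are
    silently omitted, so the application needs no customization to comply."""
    if purpose not in policy:
        raise PurposeViolation(f"unknown purpose {purpose!r}")
    disallowed = set(attrs) - policy[purpose]
    if disallowed:
        raise PurposeViolation(f"{sorted(disallowed)} not permitted for {purpose!r}")
    rows = [{a: getattr(r, a) for a in attrs}
            for r in db if purpose in r.consented_purposes]
    AUDIT_LOG.append({"purpose": purpose, "attrs": sorted(attrs), "rows": len(rows)})
    return rows

def audit_entries_for(purpose):
    """Let a donor or auditor see how often a purpose was exercised (compliance)."""
    return [e for e in AUDIT_LOG if e["purpose"] == purpose]
```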
By effectively managing private information, our comprehensive solution also
increases trust from customers and partners. Managing private consent
information in this manner will probably help mitigate legal risks, and it will also
drive performance improvements and cost efficiencies in privacy management.
In addition, many customers may see an increase in business opportunities
that were previously inhibited by privacy concerns.
The market trends and the future applications of the Hippocratic database technology
point to a vast and growing market. The growth in on-demand businesses, the
increased privacy efforts by the government, massive growth in corporate data,
and the increasing privacy concern of individuals all drive the vast potential
of our technology. Implementing this unique privacy-enforcing solution will
be a key market differentiator for IBM and will bring about a strong competitive
advantage for its customers in this age where privacy is an increasing concern.