An adaptive privacy management system for data repositories

Abstract

This paper addresses the problem of dealing with privacy management of personal data stored by enterprises. Accesses to personal data must keep into account privacy policies based on laws, enterprise guidelines, stated purposes of data and data subjects' consent. In large organisations, people have different roles and skills: business tasks are achieved thanks to collaboration among these people. The rigid enforcement of privacy policies might create disruptions and unacceptable burdens in business practices. We introduce an innovative solution based on an adaptive privacy management system. Data are retrieved from standard data repositories: parts of these data are encrypted and associated with privacy policies. The actual access to the encrypted data is adaptive, depending on the requestor, the context and purpose. Multiple "views" on a data structure can be provided by our system. Our research and development is work in progress. We describe our current results and highlight next steps. © Springer-Verlag Berlin Heidelberg 2005.