We have to develop a privacy framework for data integration that is flexible and clear to the end users. This demands understandable and provably consistent definitions for building a privacy policy, as well as standards and mechanisms for enforcement.
Database security has generally focused on access control. Users are explicitly (or perhaps implicitly) allowed certain types of access to a data item. This includes work in multilevel secure databases as well as statistical queries. Privacy is a more complex concept. Most privacy laws balance benefit against risk: access is allowed when there is adequate benefit resulting from access. An example is the European Community directive on data protection, which allows processing of private data in situations where specific conditions are met. The Health Insurance Portability and Accountability Act in the U.S. specifies similar conditions for use of data. Individual organizations may define their own policies to address their customers’ needs. The problems are exacerbated in a federated environment. The task of data integration itself poses risks, as revealing even the presence of data items at a site may violate privacy.
Some of the privacy issues have been addressed for the case of a single database management system in Hippocratic Databases. Other privacy issues have been addressed for the case of a single interaction between a user and a Website in the P3P standard. None of the current techniques addresses privacy concerns when data is exchanged between multiple organizations, and transformed and integrated with other data sources.
A framework is required for defining private data and privacy in the context of data integration and sharing. The notions of Privacy Views, Privacy Policies, and Purpose Statements are essential to such a framework. We illustrate using the “Sharing Scientific Research Data”.