Method and mechanism for data screening
First Claim
1. A method of evaluating attributes of a data item pertaining to privacy interests of a data subject associated with the data item, comprising:
receiving data associated with a data subject, the data comprising at least one data item;
identifying two or more attributes for the data item, the two or more attributes indicative of likelihood of identification of the data subject based upon access to the data item, a second one of the two or more attributes relating to a measure of visibility that an observer has about the data item for data subjects; and
quantifying each of the two or more attributes for the data item with corresponding attribute values.
11 Assignments
0 Petitions
Abstract
The present invention is directed to a method and mechanism to selectively evaluate data items and search queries for privacy violations. According to an embodiment of the invention, attributes of a data item are identified and quantified to evaluate its potential to violate privacy interests. According to an embodiment, search queries can be evaluated before the records are accessed, which improves operating efficiency and provides additional privacy protection. The query evaluation determines whether to disallow a query or withhold a query result if an individual or a small group of individuals can be identified from the results, or if the variables revealed would violate privacy policies. The invention also enables a provider of information to systematically evaluate the selectivity and visibility of the attributes that are analyzed to allow or disallow queries, and to set thresholds for different combinations of attributes. This allows implementation of different privacy policies, which may vary based on the database, the attributes, and/or the source of the query.
81 Citations
13 Claims
1. A method of evaluating attributes of a data item pertaining to privacy interests of a data subject associated with the data item, comprising:
receiving data associated with a data subject, the data comprising at least one data item;
identifying two or more attributes for the data item, the two or more attributes indicative of likelihood of identification of the data subject based upon access to the data item, a second one of the two or more attributes relating to a measure of visibility that an observer has about the data item for data subjects; and
quantifying each of the two or more attributes for the data item with corresponding attribute values.
Dependent claims (2, 3, 4, 5):
determining a category of prior visibility for the two or more attributes.
5. The method of claim 2 in which the act of quantifying the two or more attributes comprises:
assigning an attribute value along a scale of values.
6. A method of evaluating attributes of a data item pertaining to privacy interests of a data subject associated with the data item, comprising:
receiving data associated with a data subject, the data comprising at least one data item;
identifying two or more attributes for the data item, the two or more attributes indicative of likelihood of identification of the data subject based upon access to the data item;
quantifying each of the two or more attributes for the data item with corresponding attribute values; and
determining whether to store the data item in a database available to researchers based upon the attribute values by establishing a threshold prior visibility level; and
rejecting inclusion of the data item in the database if the attribute value for prior visibility exceeds the threshold prior visibility level.
7. A method of evaluating attributes of a data item pertaining to privacy interests of a data subject associated with the data item, comprising:
receiving data associated with a data subject, the data comprising at least one data item;
identifying two or more attributes for the data item, the two or more attributes indicative of likelihood of identification of the data subject based upon access to the data item, the two or more attributes comprising sensitivity that identifies a level of privacy associated with the data item; and
quantifying each of the two or more attributes for the data item with corresponding attribute values.
8. A method for evaluating a data query seeking to access data associated with a data subject, comprising:
receiving a data query seeking to access data associated with one or more data subjects, the data comprising one or more data items;
identifying a combination of the one or more data items sought by the data query; and
quantifying one or more attribute values for the combination of one or more data items sought by the data query, the one or more attribute values indicative of likelihood of identification of a specific data subject associated with the combination of the one or more data items, the one or more attribute values relating to a measure of visibility that an observer has about the data items.
Dependent claims (9, 10, 11, 12, 13):
determining a minimum of prior visibility values for the combination of the data items.
11. The method of claim 9 in which the act of quantifying an OR combination for prior visibility comprises:
determining a maximum of prior visibility values for the combination of the data items.
12. The method of claim 9 in which the one or more attribute values comprises selectivity.
13. The method of claim 12 in which a privacy rule for evaluating the data query comprises:
rejecting the data query if it involves a low-prior visibility subset of high-selectivity high-prior visibility sets.
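As an added worked example (not code from the patent), the screening logic of the abstract and of claims 6 and 8 through 13 in Python: each data item carries a prior-visibility and a selectivity score, an AND combination takes the minimum prior visibility and an OR the maximum (the AND/minimum pairing is inferred from the claim 10 fragment above), items whose prior visibility exceeds a threshold are kept out of the researcher database, and a query is rejected before any record is read when it joins a high-selectivity set of high-prior-visibility items to a low-prior-visibility item, or when its combined selectivity would single out a subject. The item catalog, the 0..1 scores, the cut-offs and the combined-selectivity formula are assumptions made for this example; the sensitivity attribute of claim 7 is not modelled.

```python
"""Toy data-screening evaluator written for this page to illustrate the
claims above.  Attribute names, scores, thresholds and the combined
selectivity model are constructed assumptions, not the patent's own."""
from dataclasses import dataclass
from typing import Union


@dataclass(frozen=True)
class DataItem:
    name: str
    prior_visibility: float  # claims 1, 8: what an observer can already see of the item
    selectivity: float       # claim 12: how sharply the item narrows the set of subjects


# A query is an item name, or ("AND", [...]) / ("OR", [...]) nested to any depth.
Query = Union[str, tuple]

# Constructed catalog; scores on a 0..1 scale (claim 5) chosen for illustration.
CATALOG = {
    "full_name":  DataItem("full_name",  0.98, 0.95),
    "zip_code":   DataItem("zip_code",   0.90, 0.70),
    "birth_date": DataItem("birth_date", 0.80, 0.80),
    "sex":        DataItem("sex",        0.90, 0.10),
    "diagnosis":  DataItem("diagnosis",  0.10, 0.60),
    "ssn":        DataItem("ssn",        0.20, 1.00),
}

HIGH = 0.75         # "high" prior visibility / selectivity (assumed cut-off)
LOW = 0.25          # "low" prior visibility (assumed cut-off)
IDENTIFYING = 0.95  # combined selectivity at which results single out a subject (assumed)


def admit_item(item: DataItem, threshold: float = 0.95) -> bool:
    """Claim 6: reject an item from the researcher database when its prior
    visibility exceeds the threshold prior visibility level."""
    return item.prior_visibility <= threshold


def prior_visibility(q: Query) -> float:
    """Claims 10 and 11: AND takes the minimum, OR the maximum, of the parts'
    prior visibility (the AND/minimum pairing is inferred from the claim 10
    fragment shown above)."""
    if isinstance(q, str):
        return CATALOG[q].prior_visibility
    op, parts = q
    vals = [prior_visibility(p) for p in parts]
    return min(vals) if op == "AND" else max(vals)


def selectivity(q: Query) -> float:
    """Combined selectivity (assumed model): an AND narrows further, scored as
    1 - prod(1 - s_i); an OR widens, scored as the minimum of its parts."""
    if isinstance(q, str):
        return CATALOG[q].selectivity
    op, parts = q
    vals = [selectivity(p) for p in parts]
    if op == "AND":
        remaining = 1.0
        for v in vals:
            remaining *= 1.0 - v
        return 1.0 - remaining
    return min(vals)


def violates_subset_rule(q: Query) -> bool:
    """Claim 13 as read here: an AND that joins a high-selectivity set of
    high-prior-visibility parts (a linking key such as ZIP + birth date) to a
    low-prior-visibility part (the sensitive payload the key would expose)."""
    if isinstance(q, str):
        return False
    op, parts = q
    if op == "AND":
        key = [p for p in parts if prior_visibility(p) >= HIGH]
        payload = [p for p in parts if prior_visibility(p) <= LOW]
        if key and payload and selectivity(("AND", key)) >= HIGH:
            return True
    return any(violates_subset_rule(p) for p in parts)


def evaluate_query(q: Query) -> dict:
    """Decide allow/deny from attribute values alone, before any record is read."""
    reason = None
    if violates_subset_rule(q):
        reason = "low-prior-visibility subset of a high-selectivity, high-prior-visibility set"
    elif selectivity(q) >= IDENTIFYING:
        reason = "results would identify an individual or a small group"
    return {
        "allowed": reason is None,
        "reason": reason,
        "prior_visibility": prior_visibility(q),
        "selectivity": selectivity(q),
    }


if __name__ == "__main__":
    for name, item in CATALOG.items():
        print(f"{name:11s} admit={admit_item(item)}")
    for q in ["ssn", ("OR", ["zip_code", "sex"]),
              ("AND", ["zip_code", "birth_date", "diagnosis"])]:
        print(q, evaluate_query(q))
```

The decision uses only the per-item attribute values and the combination rules, so the records themselves are never opened, which is the efficiency and privacy point the abstract makes. The rejected AND of ZIP code, birth date and diagnosis is the linking pattern claim 13 describes: two widely visible attributes that together narrow the population sharply, used to pull out one attribute an observer could not otherwise see.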
Specification