Method and apparatus for controlling access to personally identifiable information
First Claim
1. A method for controlling access to personally identifiable information (PII) of a data owner in a database system, comprising:
allowing the data owner to specify different opt-in or opt-out choices with respect to different business purposes for a given PII attribute, wherein the business purposes are listed in a privacy policy, which indicates an organization's control of PII in accordance with the data owner's preference, and wherein the data owner can opt out voluntary but not mandatory attributes information containing PII;
receiving a request from an application to access attributes associated with the data owner in the database system;
identifying a business purpose that the application has in making the request, wherein the business purpose identifies how the application uses the accessed attributes;
identifying a set of attributes associated with the data owner corresponding to the identified business purpose;
determining that the identified attributes contain a PII attribute that the data owner has opted out; and
enforcing access control by restricting access to the identified attributes containing the PII attribute based on the data owner's choice with respect to the PII attributes for the identified business purpose.
Abstract
One embodiment of the present invention provides a system that controls access to personally identifiable information (PII) in a database system. During operation, the system receives a request from an application to perform a function which involves accessing information in the database system. In response to the request, the system identifies a purpose that the application has in making the request to perform the function. Next, the system uses the purpose to identify a set of attributes in the database system which are associated with that purpose. The system then determines whether any of the identified attributes contain PII. If so, the system enforces access controls while accessing the identified attributes containing PII.
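The abstract and claim 1 describe a purpose-based access-control loop: a request arrives, the application's business purpose is identified, the purpose is mapped to the attributes it is allowed to touch, and any PII attribute the data owner has opted out of for that purpose is withheld, with mandatory attributes exempt from opt-out. The following is an added illustration of that loop in Python; it is not code from the patent or its assignee. The privacy policy, application registry, attribute names and the "unspecified voluntary PII counts as opted out" default are all assumptions made for the example.

```python
"""Purpose-based access control for PII, modelled on the abstract and claim 1.

Added illustration. All names, data structures and the sample policy are
assumptions for the example, not the patent's own design.
"""
from dataclasses import dataclass, field
from enum import Enum


class Choice(Enum):
    OPT_IN = "opt_in"
    OPT_OUT = "opt_out"


@dataclass(frozen=True)
class Attribute:
    name: str
    pii: bool
    mandatory: bool = False   # mandatory attributes cannot be opted out (claim 1)


@dataclass
class PrivacyPolicy:
    """The organisation's privacy policy: purposes and the attributes each one uses."""
    attributes: dict[str, Attribute]
    purposes: dict[str, frozenset[str]]       # business purpose -> attribute names it may access
    app_purposes: dict[str, frozenset[str]]   # application id -> purposes it is registered for


class PreferenceError(ValueError):
    """A data owner tried to record a choice the policy does not allow."""


@dataclass
class OwnerPreferences:
    """One data owner's opt-in/opt-out choice per (attribute, purpose) pair."""
    policy: PrivacyPolicy
    default: Choice = Choice.OPT_OUT   # assumption: voluntary PII with no recorded choice is withheld
    choices: dict[tuple[str, str], Choice] = field(default_factory=dict)

    def set_choice(self, attr: str, purpose: str, choice: Choice) -> None:
        if attr not in self.policy.purposes.get(purpose, frozenset()):
            raise PreferenceError(f"{attr!r} is not used for purpose {purpose!r}")
        if choice is Choice.OPT_OUT and self.policy.attributes[attr].mandatory:
            raise PreferenceError(f"{attr!r} is mandatory and cannot be opted out")
        self.choices[(attr, purpose)] = choice

    def choice_for(self, attr: str, purpose: str) -> Choice:
        if self.policy.attributes[attr].mandatory:
            return Choice.OPT_IN   # mandatory attributes are always released
        return self.choices.get((attr, purpose), self.default)


@dataclass
class Decision:
    purpose: str
    granted: frozenset[str]
    restricted: dict[str, str]   # attribute -> reason it was withheld


def authorize(policy: PrivacyPolicy, prefs: OwnerPreferences,
              app_id: str, purpose: str, requested: set[str]) -> Decision:
    """Claim 1 steps: identify the purpose, map it to attributes, enforce opt-outs."""
    if purpose not in policy.app_purposes.get(app_id, frozenset()):
        # the application is not registered for this purpose: release nothing
        return Decision(purpose, frozenset(),
                        {a: "purpose not registered for application" for a in requested})
    purpose_attrs = policy.purposes[purpose]
    granted: set[str] = set()
    restricted: dict[str, str] = {}
    for attr in sorted(requested):
        if attr not in purpose_attrs:
            restricted[attr] = "attribute not covered by this purpose"
        elif policy.attributes[attr].pii and prefs.choice_for(attr, purpose) is Choice.OPT_OUT:
            restricted[attr] = "data owner opted out"
        else:
            granted.add(attr)
    return Decision(purpose, frozenset(granted), restricted)


def fetch(record: dict, decision: Decision) -> dict:
    """Apply the decision to a stored record: only granted attributes leave the database."""
    return {k: v for k, v in record.items() if k in decision.granted}


def opt_out_allowed(prefs: OwnerPreferences, attr: str, purpose: str) -> bool:
    """True if the owner may opt this attribute out for this purpose (False for mandatory PII)."""
    try:
        prefs.set_choice(attr, purpose, Choice.OPT_OUT)
        return True
    except PreferenceError:
        return False


def example_policy() -> PrivacyPolicy:
    """Constructed sample policy for the example (not taken from the patent)."""
    attrs = {
        "customer_id": Attribute("customer_id", pii=False),
        "name": Attribute("name", pii=True, mandatory=True),
        "email": Attribute("email", pii=True),
        "phone": Attribute("phone", pii=True),
        "order_total": Attribute("order_total", pii=False),
    }
    purposes = {
        "order_fulfilment": frozenset({"customer_id", "name", "email", "order_total"}),
        "marketing": frozenset({"customer_id", "name", "email", "phone"}),
    }
    app_purposes = {
        "shop-backend": frozenset({"order_fulfilment"}),
        "campaign-tool": frozenset({"marketing"}),
    }
    return PrivacyPolicy(attrs, purposes, app_purposes)
```

The decision is made per purpose, not per application, so the same `email` attribute can be released to the fulfilment path and withheld from the marketing path for the same data owner; the `restricted` map records why each attribute was withheld, which is what an audit log or the calling application needs to see.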
297 Citations
14 Claims
1. A method for controlling access to personally identifiable information (PII) of a data owner in a database system (independent claim; full text given under First Claim above). Claims 2 through 7 depend from claim 1.
8. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for controlling access to personally identifiable information (PII) of a data owner in a database system, the method comprising:
allowing the data owner to specify different opt-in or opt-out choices with respect to different business purposes for a given PII attribute, wherein the business purposes are listed in a privacy policy, which indicates an organization's control of PII in accordance with the data owner's preference, and wherein the data owner can opt out voluntary but not mandatory attributes information containing PII;
receiving a request from an application to access attributes associated with the data owner in the database system;
identifying a business purpose that the application has in making the request, wherein the business purpose identifies how the application uses the accessed attributes;
identifying a set of attributes associated with the data owner corresponding to the identified business purpose;
determining that the identified attributes contain a PII attribute that the data owner has opted out; and
enforcing access control by restricting access to the identified attributes containing the PII attribute based on the data owner's choice with respect to the PII attributes for the identified business purpose.
Claims 9 through 14 depend from claim 8.
Specification