
Personal Data Traceability

IP.com Disclosure Number: IPCOM000129766D
Original Publication Date: 2005-Oct-07
Included in the Prior Art Database: 2005-Oct-07
Document File: 11 page(s) / 93K

Publishing Venue

IBM

Abstract

Disclosed is a system that monitors, controls and/or traces the use of personally identifiable information (PII) by privacy sensitive application programs. The functionality is enabled by introducing a set of new data types, called PII data types, into application programming and by transferring the actual PII data handling responsibility to a trusted 3rd party application called PII-keeper. The PII-keeper can handle all of the personal contact transactions on behalf of the privacy sensitive applications, which frees them from the burden of personal data handling and makes maximally privacy-preserving application development easy to realize.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 17% of the total text.


1. Why we need "Personal Data Traceability"

Personal Data Protection: Country regulations and public concerns

   o Personal Data Protection Laws have been enacted around the world.
   o Protection from Identity Theft
   o Protection from surreptitious Human Monitoring and Excessive Profiling, except for National Security

S&A (Sensors & Actuators) / Traceability applications

   o Wide use of RFID is expected, which has the risks of unintentional infringement on Privacy rights
   o Everything is sensed and/or traced, including personal activities
   o Trade-off resolutions between better services and the risk of personal data exposure

Personal/Authoritative auditability about the use of personal data

   o Tracking of the life cycle and the usage of personal data, the certification for accuracy of the records and the accountability of the personal data keepers.
   o Self-determination of personal data handling: Privacy Principle
   o Tools and audit trails for Authoritative Investigation

2. Definition of Personal Data

"Any combination of attributes and/or transactional data of a particular person, or a very small group of people (which are called Human Data-subjects), is personal data"

PII Concept: any data or a combination of data attributed to "PII (personally identifiable information)"

Particularity concept: any data or a combination of data attributed to a single person or a very small group of people who share the same privacy concerns, e.g. a family.

For general use, "Data associated with PII" is personal data. Also, data without PII is NOT personal Data.

PII is any combination of identifiers, contact information and/or attributes; directly, or indirectly by associations, that can link to a person or a family.

   o Names, addresses, SSN, employee number, e-mail address, uniquely limiting attributes, etc.

3. Problem Statement

A person, as the data-subject, can exercise his/her policy of personal data handling throughout the life cycle, i.e. the sequence of operations: creation, use (read), correction, modification, update, copy, merge, split and delete.

   o Can have a policy about "5W1H"; time (when), institution (where), person (who), attributes/contents/operations (what), purpose (why), situations/contexts (how)
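The arrangement described in the abstract and in the "5W1H" policy above, as an added Python example that is not code from the disclosure: the application holds only an opaque PII data type, while a keeper stores the real value, performs the contact transaction, checks the data-subject's policy and records a 5W1H log entry for every attempt. All names (`PIIEmail`, `PIIKeeper`, `register`, `contact`, `audit`, `outbox`) are hypothetical, and reducing the policy to allowed (who, why) pairs is an assumption made for the example.

```python
# Added illustration; all class, method and field names are hypothetical, not from the disclosure.
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass(frozen=True)
class PIIEmail:
    """PII data type: an opaque handle. The application never holds the address itself."""
    handle: str

@dataclass
class PIIKeeper:
    """Trusted third party that stores PII, enforces the subject's policy and logs every use."""
    _store: dict = field(default_factory=dict)   # handle -> real value
    _policy: dict = field(default_factory=dict)  # handle -> allowed (who, why) pairs (assumption)
    _log: list = field(default_factory=list)     # 5W1H audit trail
    outbox: list = field(default_factory=list)   # stand-in for real message delivery

    def register(self, email, allowed):
        h = secrets.token_hex(8)
        self._store[h], self._policy[h] = email, set(allowed)
        return PIIEmail(h)

    def contact(self, pii, who, where, why, how, body):
        """Send a message on the application's behalf; True only if the policy allows it."""
        ok = pii.handle in self._store and (who, why) in self._policy[pii.handle]
        self._log.append({
            "when": datetime.now(timezone.utc).isoformat(),
            "where": where, "who": who, "what": "contact:email",
            "why": why, "how": how, "handle": pii.handle, "allowed": ok,
        })
        if ok:
            self.outbox.append((self._store[pii.handle], body))
        return ok

    def audit(self, pii):
        """The data-subject's view: every attempted use of this item, allowed or denied."""
        return [e for e in self._log if e["handle"] == pii.handle]

def demo():
    keeper = PIIKeeper()
    # Constructed sample data: the subject permits order-status mail from shop-app only.
    customer = keeper.register("alice@example.org", {("shop-app", "order-status")})
    sent = keeper.contact(customer, "shop-app", "Shop Inc.", "order-status", "batch job", "Shipped")
    blocked = keeper.contact(customer, "shop-app", "Shop Inc.", "marketing", "batch job", "Sale!")
    return sent, blocked, keeper.audit(customer), customer

if __name__ == "__main__":
    print(demo())
```

Denied attempts are logged as well as allowed ones, so the audit trail shows the data-subject uses that were refused under the policy, not only those that succeeded.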

The data-subject can monitor, i.e. check the logs of, the "5W1H" of his/her personal data handling t...