A Mechanism for Providing Privacy Functionality to Users
Original Publication Date: 2003-Oct-14
Included in the Prior Art Database: 2003-Oct-14
Users (called data owners in security and privacy literature) need to be provided with a means of reviewing data objects such as personally identifiable information (PII) that is stored about themselves on data processing devices and understanding who or what applications will use their PII and for what purposes in order to give informed consent for use of their PII data. Users also need a means of updating inaccurate PII data about themselves. Currently, users can read privacy statements on web sites to try to understand what their privacy rights are regarding their PII data. These statements are written in very general and legal terms that provide very little useful information to users; these privacy statements are not generally usable or useful. Web sites vary widely in whether they allow users to review or edit PII data about themselves. At this time, most sites do not allow users to review all PII data about themselves, and very few, if any sites, allow users to edit all of the PII data collected. For PII data stored in legacy applications, there may be manual processes for users to contact the organization who own the applications to find out information about what PII data on themselves is currently stored by the organization and who uses the PII information and for what purposes. These processes put an unreasonable burden on the users and are not usable and useful.