A cloud-ready system for limiting access to data that understands global legal context
Disclosure Number: IPCOM000239034D
Publication Date: 2014-Oct-02
Document File: 2 page(s) / 40K

Publishing Venue

The Prior Art Database


Disclosed is a method that allows multiple teams to work independently: one team creates an application, and another team creates a set of data compliance rules which are enforced upon the first team's application, whilst minimising the amount of collaboration between the teams required for the multiple applications/products to interoperate.

This is the abbreviated version, containing approximately 55% of the total text.

A known problem is the need for compliance with data protection laws on the cloud. A cloud-hosted application may store data in several countries and transmit data all around the world. Today, many countries have created laws specifying minimum data retention in certain cases, maximum data retention in other cases, and data protection law for citizens.

    Typically, lawyers, developers and database administrators will craft policies and technical limitations by hand. As new legislation is passed, and as cloud computing grows more popular, meaning that more applications spread their data storage geographically, this manual process of building data compliance becomes more costly.

    The solution herein comprises an interception layer which intercepts user input to gather data such as who is logging in and where they are accessing the application from, and uses this data to create sanitised clone tables in an application's data store. The clone tables will contain only the data that the user is permitted to access. Finally, the interception layer will redirect any attempt to read the database towards these clone tables.

    Advantageously, there is provided a generalised framework that can easily be used to create and implement data compliance policies. In addition, because the solution works dynamically by interception, it can be easily adjusted if the law changes and can integrate well with cloud platforms to handle complex environments where data is stored and moved across international borders.

    0) When creating an application, developers attach semantic tags to database columns. For example, three tags might be used: one tag which denotes personal data, one tag which denotes medical data, and one tag for country of residence. One column may have multiple tags.

    1) Alice logs into the system. The interception layer captures details from her login: it records her credentials and her current physical location, using technologies such as IP geolocation on Alice's IP address.

    2) The interception layer looks up the rules from its policy database. Exemplary rules are as follows:

    i) Only doctors can look at medical data.

    ii) An employee can only look at personal data if he/she and the patient share a country of residence.

    iii) Personal data cannot leave the patient's country of residence.

    3) The interception layer applies Alice's data to the rules in the policy datab...
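
A sketch of steps 0 to 3 and the redirect to a sanitised clone table, added here as an illustration and not taken from the disclosure. The `patients` schema, the per-session clone naming, masking denied cells as NULL, applying rule ii to every user, and reading rule iii as "the user's geolocated country must equal the patient's country" are all assumptions.

```python
import sqlite3

# Step 0: semantic tags per column; one column may carry several (constructed schema).
TAGS = {"id": set(), "name": {"personal"},
        "diagnosis": {"medical", "personal"}, "country": {"residence"}}

def permitted(tags, user, patient_country):
    """Step 3: apply the three exemplary rules to one cell."""
    if "medical" in tags and user["role"] != "doctor":
        return False                                   # rule i
    if "personal" in tags:
        if user["residence"] != patient_country:
            return False                               # rule ii
        if user["location"] != patient_country:
            return False                               # rule iii (assumed reading)
    return True

def build_clone(db, user, session_id):
    """Create a sanitised per-session clone of `patients`; return its name."""
    cols = list(TAGS)
    res_col = next(c for c in cols if "residence" in TAGS[c])
    clone = f"patients_clone_{int(session_id)}"        # int() keeps the name safe
    db.execute(f"CREATE TEMP TABLE {clone} AS SELECT * FROM patients WHERE 0")
    marks = ", ".join("?" * len(cols))
    for row in db.execute(f"SELECT {', '.join(cols)} FROM patients").fetchall():
        rec = dict(zip(cols, row))
        masked = [rec[c] if permitted(TAGS[c], user, rec[res_col]) else None
                  for c in cols]                       # assumption: deny -> NULL
        db.execute(f"INSERT INTO {clone} VALUES ({marks})", masked)
    return clone

def read_patients(db, clone):
    """Redirected read: the application only ever sees the clone."""
    return db.execute(f"SELECT * FROM {clone} ORDER BY id").fetchall()

def demo_db():
    """Constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE patients (id INTEGER, name TEXT, diagnosis TEXT, country TEXT)")
    db.executemany("INSERT INTO patients VALUES (?, ?, ?, ?)",
                   [(1, "Patient One", "asthma", "GB"), (2, "Patient Two", "diabetes", "FR")])
    return db

if __name__ == "__main__":
    db = demo_db()
    # Step 1: login context; location would come from IP geolocation (assumed resolved).
    alice = {"role": "doctor", "residence": "GB", "location": "GB"}
    print(read_patients(db, build_clone(db, alice, 1)))
```

Because the policy is evaluated against the column tags and not the column names, changing a rule in `permitted` changes what every tagged column exposes without touching the application's queries.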