1. Field of the Invention
The present invention generally relates to a secure system and method for managing potentially confidential data. In particular, the present invention relates to a system and method for managing data so that access to the data is controlled and confidentiality of the data is ensured.
2. Background Art
In several industries, such as banking and insurance, a good statistical understanding of several types of data is either vital, or at least crucial for economic success. For example, actuarial charts are an extremely valuable resource to the insurance industry. In this case, the data sets are so large that precise data modeling can be done. Moreover, since the essential elements of information that need to be taken into account are not confidential, data sharing among market participants is somewhat common. Typically, the distributions describing such data have so called “thin tails,” which generally means that events quite different from the most typical events are extremely rare. As a consequence of this and other characteristics that allow for better statistical analysis, premium pricing can be done so that it is both attractive to customers and profitable for insurers.
In contrast, other types of data (e.g., operational risk data) are considered sensitive, and as such, are rarely reported. Usually, the distributions that capture these types of data have fat tails (i.e., abnormally many extreme events). “Operational Risk” relates to the risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems, or from external events. This type of risk is typically linked to events that institutions such as banks prefer to keep confidential (e.g., hacking on their systems, failure due to man or a machine to complete a trade, etc). Thus, companies that would benefit from sharing data about operational risk to augment the quality of important statistics cannot do so because of the confidentiality breaches that sharing would imply.
Heretofore, attempts have been made to use a third party to collect such sensitive data. However, a problem connected with third party collection is directly linked to the lack of control of the third party. Specifically, the third party usually does not obtain all of the necessary data. Moreover, access to the data in these instances (e.g., by employees of the third party) is often not controlled. Thus, confidential details are at risk of being exposed.
In view of the foregoing, there exists a need for a secure system and method for managing confidential data so that the data can be analyzed and remain confidential. Moreover, a need exists for a system and method in which access to data is limited to only approved or authorized entities. A further need exists for a system and method in which confidential details in received data can be readily identified and concealed. Another need exists for a system and method in which confidential details that have become non-confidential can be identified and exposed.