The privacy of sensitive information held on a data-handling system such as a personal computer is increasingly under threat from a range of software generically known as “spyware” that becomes installed, typically over a network, without the user's consent on the data-handling system. Such spyware can be arranged to collect information about the user and the user's habits; in particular, spyware can be set to scan the data-handling system for information that by its general form could correspond to sensitive information such as the user's name, address or bank account number.
It is known to provide data-handling systems with various forms of protected storage which give varying levels of protection of their contents against discovery by spyware. However, protected storage can give a false sense of security as it does not protect instances of the content that are held on the data handling system outside of the protected storage. For example, personal information is often held in multiple different locations when used by multiple applications or administrative tools and it is likely that not all of these instances of personal information will be held in protected storage.
Although computer-knowledgeable users may be able to utilize correctly sensitive-information protection mechanisms such as protected storage, many users have neither the knowledge nor commitment to make proper use of these mechanisms and a more active approach to countering spyware is desirable. One approach recently taken to the protection of sensitive information from spyware is to provide programs that actively seek out spyware typically by scanning the system looking for the signatures of known spyware programs. Whilst such an approach has merit, it also suffers from the problems inherent in all signature based systems, namely reliance on up-to-date signature files and diligent users.
Another mechanism that is used to protect sensitive information is to control how known instances of sensitive information are handled and stored; for example, before any known instance of personal information is included in an outgoing message, the user may be asked to confirm that this is intended.
It is an object of the present invention to facilitate the privacy protection of sensitive information held by a data-handling system.