This disclosure relates generally to managing sensitive information, and more specifically to information curation and auditing of privacy sensitive information.
Information curation is the process of applying and modifying disclosure policies to individual information items. National security information is one example of sensitive information that is subject to information curation. For example, upon the intake of national security information, an authorized government official sets a classification level for the information. Typically, the classification level can include a top secret classification, a secret classification, a confidential classification, or an unclassified classification.
In addition to setting a classification level for the sensitive information, the government official may also attach a policy that establishes the purposes for which the sensitive information may be used and recipients to whom the information may be disclosed. Over time, the government official or other authorized officials may modify the classification and disclosure policy. For example, a government agency may lower the classification level or prepare a less sensitive version of the information for release to another agency, tactical operation, or an unclassified domain. Additionally, the government agency may reclassify the information if it has been released or possibly raise the classification level if the information is part of multiple items of information that could be aggregated to reveal information at a higher classification level. Government information systems must therefore enable authorized officials to curate items of information by modifying applicable disclosure policies.