1. Field of the Invention
The present invention relates to an improved data processing system and, in particular, to a method and apparatus for multicomputer data transferring. Still more particularly, the present invention provides a method and apparatus for multicomputer distributed resource management.
2. Description of Related Art
An individual interacts with many enterprises, e.g., institutions, organizations, and corporations, that maintain information about the individual for various purposes. In modern society, this information is maintained electronically, which allows the information to be processed much more efficiently than paper documents. However, concerns about the privacy of electronically managed information have grown with the adoption of Internet-based services, which allows enterprises to share information easily. Privacy has been defined as “the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others”, Westin, Privacy and Freedom, 1967.
Due to regulation and consumer concerns, many enterprises are having to re-evaluate their privacy management operations, such as the manner in which they handle personally identifiable information (PII) that they collect about individuals.
As a first step towards managing personally identifiable information, responsible enterprises usually create, implement, and enforce a privacy policy. Before an enterprise collects a user's personally identifiable information, the enterprise should obtain the user's consent to the privacy policy and should collect the user's preferences on any options that the enterprise may provide with respect to the manner in which the enterprise manages the user's personally identifiable information. FIG. 2A depicts a simple diagram showing an exchange of privacy promises 202 from a server 204 to a user 206 in exchange for the user's consent to the privacy promises and a selection of the user's privacy preferences 208.
The privacy policy generally includes a set of promises that an enterprise makes to users of services that are provided by an enterprise. At a low level, these privacy promises can be captured to some degree in a machine-readable format. An example of this is the Platform for Privacy Preferences Project (P3P), which has been developed by the World Wide Web Consortium; P3P has emerged as an industry standard for providing an automated way for users to gain more control over the use of personal information that is collected and managed by web sites which the users visit. P3P provides a mechanism for disclosing the manner in which a site handles personal information about its users; P3P-enabled web sites make this information available in a standard, machine-readable format, and P3P-enabled browsers can use this information automatically by comparing it to a user's previously-selected privacy preferences.
The privacy promises in the privacy policy state, at a high level, how the enterprise manages and possibly disseminates any personally identifiable information. For example, a privacy policy can be in human-readable format, such as text within a web page that includes legal terminology. FIG. 2B shows a graphical user interface window 210 that might appear when a user is perusing a web site; window 210 is a pop-up window that might appear on a user's screen in response to execution of a script that is embedded within a web page document that has been received by the user's browser application on a client device. The intention of window 210 is to provide notice to the user concerning the enterprise's, i.e. the web site operator's, privacy policy and to obtain an acknowledgment from the user that the user has read the privacy policy, e.g., by forcing the user to select check box 212 before the user can continue with an operation within the web site; the selection of hyperlink 214 will present the privacy policy in a human-readable format for the user, possibly by presenting another pop-up window on the user's screen or by directing the web browser to retrieve another web page. Window 210 also collects user preferences concerning some options with respect to the enterprise's privacy policy. Check box 216 gives the user control over an action that the enterprise might perform while using the user's personally identifiable information. Check box 218 gives the user control over whether the enterprise may share some of the user's personally identifiable information with other enterprises. “OK” button 220 closes window 210.
Using a mechanism similar to that shown in FIG. 2B, a user acknowledges the enterprise's privacy policy and indicates acceptance of the privacy policy. This may also involve the user selecting some personal privacy preferences with respect to the management of the user's personally identifiable information. Once the user has acknowledged the privacy policy and indicated the user's preferences, then the enterprise can collect the user's personally identifiable information.
A user may attempt to access personally identifiable information, whether or not the user is the owner of the information, at some future point in time; in other words, a user may attempt to access a particular person's personally identifiable information after an enterprise has collected that person's consent to a privacy policy and that person's preferences with respect to the privacy policy. In general, the owner of any personally identifiable information that has been previously collected can legitimately access the collected information. However, other types of users may attempt to access the collected information; a user may have privileged access to the collected information even though the user is not the owner of the personally identifiable information. For example, specific employees of an enterprise, such as those that work within a human resources department, may be authorized to access the collected information. Even though these users are not the owners of the personally identifiable information, they may legitimately access the information as long as the information is handled in accordance with the privacy policy as agreed by the owner. Enforcement of a privacy policy includes obeying the privacy policy while also respecting the previously specified preferences of the owner of the information with respect to the privacy policy.
Current enterprise mechanisms for implementing privacy policy enforcement require the implementation of privacy policy enforcement within each application that is provided by the enterprise. For example, an enterprise may operate many applications that access personally identifiable information, and each application is modified to encode rules for applying a privacy policy and for checking a data owner's previously specified consent and preferences. FIG. 2C shows a typical organization of privacy policy management within an enterprise domain 222 that is operating an e-commerce web site in which multiple e-commerce applications 224-228 are individually responsible for enforcing the enterprise's privacy policy for any interactions with the user/client 230 and for individually checking the user's consent and preferences to the privacy policy with database 232.
In some operational scenarios, each e-commerce application that is shown in FIG. 2C may be concerned with different privacy policy issues because they handle different types of personally identifiable information, thereby requiring slightly different operations for handling user consent and user preferences with respect to the different types of personally identifiable information. Hence, the prior art approach that is depicted in FIG. 2C is problematic. Each application that handles personally identifiable information must be modified to include functionality for privacy policy enforcement, which may require multiple changes to different parts of each application. Application development and maintenance costs increase as each application needs to be enhanced to include the privacy functions.
In addition, personally identifiable information is often accessed multiple times within a single enterprise, possibly by different applications accessing different data. Users of the enterprise services may have dissatisfying experiences when navigating enterprise services and confronting different manners for enforcing a privacy policy. Moreover, an enterprise might not be sure that there is a consistent implementation of privacy policy enforcement within all applications. For example, the enterprise may be operating an application that accesses data without providing users with appropriate notice; subsequent discovery and remedy of such situations can greatly increase user dissatisfaction with the enterprise.
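The enforcement rules stated above (collection only after the owner acknowledges the policy; the owner may always read their own information; a privileged employee may read it only within the owner's recorded preferences) and the problem of FIG. 2C (each application encoding those rules itself) are illustrated by the following added example, which is not code from the patent. It places the rules in one enforcement function that every application calls and logs every decision; the role name "hr", the purpose names, the meaning attached to the two option check boxes, and the sample owner "alice" are assumptions made for the example.

```python
# Added example, not from the patent text: a single privacy-policy enforcement
# function shared by all applications, instead of each application carrying
# its own copy of the consent and preference checks.
from dataclasses import dataclass, field


@dataclass
class ConsentRecord:
    """What the enterprise stored when the owner acknowledged the policy."""
    policy_version: str
    acknowledged: bool
    # Owner preferences, modelled on the two option check boxes of window 210
    # (the exact meaning of the first box is assumed here).
    allow_marketing_use: bool = False
    allow_third_party_sharing: bool = False


@dataclass
class PiiStore:
    """Consent/preference records and the PII collected under them."""
    consents: dict = field(default_factory=dict)
    records: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)  # every decision is logged here


# Roles allowed to read PII they do not own (assumed role name).
PRIVILEGED_ROLES = {"hr"}

# Each purpose maps to the owner preference that must be true for it;
# plain operations (e.g. fulfilling an order) need no extra preference.
PURPOSE_PREFERENCE = {
    "operations": None,
    "marketing": "allow_marketing_use",
    "share_with_partner": "allow_third_party_sharing",
}


def collect_pii(store: PiiStore, owner: str, consent: ConsentRecord,
                data: dict) -> None:
    """Collection is refused until the owner has acknowledged the policy."""
    if not consent.acknowledged:
        raise PermissionError(f"{owner}: privacy policy not acknowledged")
    store.consents[owner] = consent
    store.records[owner] = dict(data)


def access_pii(store: PiiStore, requester: str, role: str, owner: str,
               purpose: str) -> tuple:
    """Single decision point for all applications.

    Returns (record_or_None, reason) and appends the decision to the audit log.
    """
    def decide(allowed: bool, reason: str) -> tuple:
        store.audit.append((requester, owner, purpose, allowed, reason))
        return (store.records[owner] if allowed else None), reason

    consent = store.consents.get(owner)
    if consent is None or owner not in store.records:
        return decide(False, "no consent on file")
    if purpose not in PURPOSE_PREFERENCE:
        return decide(False, "unknown purpose")
    # The owner may always read their own information.
    if requester == owner:
        return decide(True, "owner access")
    if role not in PRIVILEGED_ROLES:
        return decide(False, "requester not privileged")
    # Privileged users must still honour the owner's stated preferences.
    needed = PURPOSE_PREFERENCE[purpose]
    if needed is not None and not getattr(consent, needed):
        return decide(False, f"owner preference {needed} is false")
    return decide(True, "privileged access within preferences")


def demo() -> PiiStore:
    """Constructed sample data: one owner who declined third-party sharing."""
    store = PiiStore()
    alice = ConsentRecord("v1", acknowledged=True,
                          allow_third_party_sharing=False)
    collect_pii(store, "alice", alice, {"email": "alice@example.com"})
    return store


if __name__ == "__main__":
    s = demo()
    print(access_pii(s, "alice", "customer", "alice", "operations"))
    print(access_pii(s, "hr-bob", "hr", "alice", "share_with_partner"))
    for entry in s.audit:
        print(entry)
```

Because every application routes through `access_pii`, a change to the policy or to the set of recognised purposes is made once, and the audit list gives a uniform record for detecting an application that reads data for a purpose the owner never permitted.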
Therefore, it would be advantageous to have a method and system for implementing coherent, enterprise-wide functionality for privacy policy enforcement.