People access more and more information including services through the Internet. On many occasions a user is required to provide certain information to be served or better served by an information source (e.g., a website). Some of the information may be related to the user personally. For purposes of this discussion, personal information is divided into three categories, low-sensitivity, mid-sensitivity, and high-sensitivity, depending on the information's proximity to the user's privacy. While the number of sensitivity levels and the boundary lines between sensitivity levels is somewhat arbitrary, the aforementioned three-level division will be useful for the following discussion. In addition, for the purposes of this discussion, the terms “make public” or “made public” include disclosing information, accidentally or otherwise, to even one person who does not have explicit permission to receive that information.
Low-sensitivity personal information is one that, albeit personal, rarely requires any protection from being made public. For example, a user may specify a language as his preferred one at a multi-lingual website such that the website automatically renders web pages in the user's preferred language. Since it is fairly easy to learn what language a person prefers to use, few people, if any, would be concerned about such information being made public (e.g., disclosed to another user of the same information service).
In contrast, high-sensitivity personal information is germane to a person's privacy and always requires security measures to protect against infiltration by others. For instance, a user's email account often includes email messages highly private to the user and/or those who exchange messages with him. Access to the messages usually requires an express login with a correct combination of username and password. For example, upon receipt of the username and password from a client computer, a service provider (e.g., an email server) generates a unique object such as a cookie for authenticating the user. The cookie is a small piece of data that is sent back to and stored at the client computer. The service provider allows a request to access the user's email account from the client computer if the request includes the cookie.
Between the low-sensitivity and high-sensitivity types of personal information is mid-sensitivity personal information, which is more critical to a person's privacy than the low-sensitivity one, but less than the high-sensitivity one. User-submitted query terms to a search engine, i.e., a user's search history, are an example of mid-sensitivity personal information. An investigation of these query terms can easily reveal the kind's of information that interests a user, and which many or most users would not want to be made public. For example, if the user submits a series of query terms associated with a particular type of disease, it is possible that he may (or he suspects that he may) have this disease. Although a user would like to keep this type of personal information private, the login approach to protecting this information may be excessively burdensome, because it would prevent casual users from using search engines and other online services unless they became registered users with user names and passwords.
Based on the above discussion, another potential definition for mid-sensitivity personal information is personal information that is routinely submitted by users to online services without first establishing a login relationship (i.e., requiring a username and password) with those online services. Thus, in some instances, the mid-sensitivity personal information may be just as confidential or personal as the high-sensitivity information, but for various reasons many users have routinely submitted such information to online services (e.g., merchants, search engines, and other information sources) without first establishing that such information will in fact be protected and kept private.
Therefore, there is a need for a convenient approach for protecting a user's mid-sensitivity personal information from being made public or being illegally obtained.