Organizations hold large amounts of data relating to customers, employees, company accounts, products, finances and related topics. The data may be stored in various formats such as email, spreadsheets, word processor documents, relational data base records, and other structured and unstructured formats. Much of this data is private in nature or is sensitive corporate information that should only be disclosed on a “need to know” or other restricted basis. Organizations are becoming increasingly sensitive to access of private and other sensitive data and, in some cases, are attempting to ensure that privacy and sensitivity of the data is respected. This can be implemented by a privacy policy or other data handling practices that define rules relating to who may access different types of data. The rules may additionally define purposes the data may be accessed for, under what conditions the data may be accessed and mandatory performance of certain obligations based on access of certain data. Standards are presently evolving for definition of privacy rules. Some examples of such standards are Platform for Privacy Preferences (P3P) and eXtensible Access Control Markup Language (XACML).
Currently, organizations that have a privacy policy in existence are usually obliged to have some manual means of ensuring that obligations defined by the policy are enforced. However, manual methods are neither efficient nor fool-proof. It would thus be advantageous to enforce such obligations automatically, in response to access of relevant data, to ensure that the privacy rules are respected and not violated.
U.S. Pat. No. 6,253,203, entitled “Privacy-enhanced databases”, incorporated herein by reference was filed on Oct. 2, 1998 in the name of O'Flaherty, et al., and is assigned to NCR Corporation. This document relates to storing data control information reflecting consumer privacy parameters in a data control column of a database table. Access to data in the database is handled in accordance with the privacy parameter/s. The restriction here is that the above arrangement assumes that the data is stored in a structured format. Moreover, the above arrangement may not be applicable to existing systems that already have a large data corpus stored in a particular format.
More generally, database triggers are defined at the level of the table in a relational database system, while the data access is at the level of an individual row. Additionally, relational database triggers operate only on insert, delete or update operations and obligations frequently need to be enforced even when the data is only being read. Furthermore, methods and systems using database triggers are restricted to structured data stored in relational databases.
U.S. Patent Application Publication No. 20030014654, entitled “Using a rules model to improve handling of personally identifiable information”, incorporated herein by reference was published on Jan. 16, 2003 in the name of Adler, et al., and is assigned to International Business Machines. The document relates to specification of privacy-related actions regarding access of personally identifiable information.
U.S. Patent Application Publication No. 20040117407, entitled “Resource and data administration technologies for IT non-experts”, incorporated herein by reference was published on Jun. 17, 2004 in the name of Kumar, et al. The document relates to definition, deployment and execution of policies in order to manage resources such as databases and information repositories.
A need exists for improved methods, systems and computer program products for ensuring that obligations relating to a data-handling policy are automatically enforced after relevant data is accessed.