1. Technical Field
The present invention relates to privacy protection and more particularly to systems and methods employing an identifiability risk assessment to protect against disclosure of protected information.
2. Description of the Related Art
Information systems deployed and maintained by businesses of different sizes often store personal information collected from their clients. Similarly, information systems of government organizations, such as the Internal Revenue Service, store personal data about citizens, as well as other private data collected from businesses. In recent years, these information systems have increasingly become computerized.
Computer-based information systems enable instant access to the data at any time, and on-the-fly cross-referencing of large volumes of data. Computerization is also critical for the implementation of data mining methods and other automated and highly efficient data analysis techniques, which in turn help reduce costs and improve the agility and efficiency of businesses and governments.
Recent advances in communication technologies, wireless and cellular networks and widespread availability of the Internet enable instant access to the information systems and computational resources from virtually anywhere, via easily obtainable equipment such as a laptop with a wireless card. Together with the benefits that the now ubiquitous digital technologies have brought, they have also brought new dangers.
Currently, it is becoming increasingly easy to gain unauthorized access to personal data. Identity theft is a very serious and real threat to anyone who is sharing personal information with companies in exchange for services, credit, etc. As a consequence, safeguarding of personal information becomes a highly important objective for businesses and governments, and many aspects of privacy protection, such as the collection and use of information on minors or strong encryption of Internet communications, are mandated by laws or best business practices.
Two important and previously unsolved problems of privacy protection arising in business and government information systems need solutions. These problems are evaluating and managing the tradeoff between privacy protection and business efficiency, and quantifying the privacy risks associated with various business operations. Solving these problems will contribute to improvements in both business transparency and business efficiency. The solutions will help streamline privacy protection processes, simplify the work of employees responsible for privacy protection, and increase the accountability of individual employees and entire organizations.
Managing the tradeoff between privacy and business efficiency: Arguably, any information collected and stored by an organization is collected with the intent of using this information, for one purpose or another. Privacy policies enacted by organizations restrict the purposes for which the information can be used. In this policy-controlled mode, privacy protection is equivalent to the enforcement of policy compliance. For all but the most permissive policies, there can be practical situations where the potential benefits resulting from a particular business operation are not realized, because the operation requires the use of information in conflict with the privacy policy. Therefore, the privacy policies control the tradeoff between the needs of business efficiency and the needs of privacy protection.
Developing privacy policies is an extremely difficult task that any organization must perform when it establishes a system for storing personal or private information. It is especially difficult in information systems where automated policy enforcement is implemented, because for such systems the policy must be specified as a set of formal, automatically verifiable rules. In some respects the task of writing policies can be compared to the process of developing legislation. This analogy can be literal, if the policy is stipulated by law.
For these reasons, policy writers often prefer to err on the side of caution, and prohibit the use of information when in doubt. As a result, the policies mandated internally by an organization are typically more restrictive than the published policies, and reflect not only the law and the published commitments of the organization, but also the best-practice requirements as seen by the policy writers.
The employees responsible for the use of information are often required to determine whether a particular use of information is in violation of the policy. For example, in some situations, the internal policy can be violated in order to allow an extremely critical operation, as long as the externally published policy and the law are not violated. If the internal policy is enforced automatically, such an operation may require the intervention of high-level management to circumvent the normal enforcement controls. This problem can be partially addressed by policies that permit wider access in exceptional circumstances, e.g., if sufficient justification is provided. However, the currently existing approaches do not provide sufficient assistance to the organization's employees responsible for making such decisions, and often they are forced to violate internal policies in order to get their job done.
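The layered enforcement described in the preceding paragraphs, in which an internal policy is stricter than the externally published one and a justified exception may relax the internal policy but never the external policy, can be made concrete as a purpose-based access check. The following is an added illustrative example written for this page; it is not code from the patent or its applicant. The policy contents, data categories, purposes, user and approver role names, and the audit-line format are all constructed assumptions.

```python
# Added example (not from the patent): purpose-based access check with an
# internal policy stricter than the externally published policy, plus a
# justified-exception path. All policy contents, categories, purposes and
# approver roles below are constructed assumptions for illustration.
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

Policy = Dict[str, Set[str]]  # data category -> purposes for which use is permitted

# Assumed externally published policy (law and public commitments). This is the
# hard boundary: nothing in this module can widen access beyond it.
EXTERNAL_POLICY: Policy = {
    "contact": {"service_delivery", "billing", "fraud_investigation"},
    "ssn": {"billing", "fraud_investigation"},
    "health": {"service_delivery"},
}

# Assumed internal policy, deliberately more restrictive than the published one
# (policy writers erring on the side of caution).
INTERNAL_POLICY: Policy = {
    "contact": {"service_delivery", "billing"},
    "ssn": {"billing"},
    "health": {"service_delivery"},
}

# Assumed roles allowed to approve an exception to the internal policy.
APPROVER_ROLES = {"privacy_officer", "compliance_manager"}


@dataclass(frozen=True)
class ExceptionRequest:
    justification: str   # free-text reason the requester supplies
    approver_role: str   # role of the person who approved the exception


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str          # which policy layer decided the outcome
    audit_entry: str     # one line suitable for an accountability log


def _permitted(policy: Policy, category: str, purpose: str) -> bool:
    # Default deny: a category absent from the policy permits no purpose.
    return purpose in policy.get(category, set())


def evaluate(user: str, category: str, purpose: str,
             exception: Optional[ExceptionRequest] = None,
             audit_log: Optional[List[str]] = None) -> Decision:
    """Decide whether `user` may use data of `category` for `purpose`.

    The external policy is checked first and an exception request cannot
    override it; only a denial by the stricter internal policy can be lifted,
    and only with a non-empty justification and an authorized approver.
    """
    where = f"user={user} cat={category} purpose={purpose}"
    if not _permitted(EXTERNAL_POLICY, category, purpose):
        d = Decision(False, "external policy",
                     f"DENY {where} (external policy; no override possible)")
    elif _permitted(INTERNAL_POLICY, category, purpose):
        d = Decision(True, "internal policy", f"ALLOW {where}")
    elif (exception is not None and exception.justification.strip()
          and exception.approver_role in APPROVER_ROLES):
        d = Decision(True, "internal policy exception",
                     f"ALLOW {where} (exception approved by "
                     f"{exception.approver_role}: {exception.justification})")
    else:
        d = Decision(False, "internal policy",
                     f"DENY {where} (internal policy; exception requires "
                     f"justification and an authorized approver)")
    if audit_log is not None:
        audit_log.append(d.audit_entry)
    return d


if __name__ == "__main__":
    log: List[str] = []
    ok = ExceptionRequest("fraud case 4711, suspected account takeover",
                          "privacy_officer")
    print(evaluate("alice", "contact", "billing", audit_log=log).allowed)        # True
    print(evaluate("alice", "ssn", "fraud_investigation", audit_log=log).allowed)  # False
    print(evaluate("alice", "ssn", "fraud_investigation", ok, log).allowed)      # True
    print(evaluate("alice", "ssn", "marketing", ok, log).allowed)                # False
    for line in log:
        print(line)
```

The ordering of the checks is the security-relevant point: because the external policy is tested before the exception path is considered, an approved exception can only restore access that the published policy already permits, and every decision, including the approver and justification of an exception, lands in the audit log for later accountability.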