For sensitive information such as personal information, a criteria such as personal information protection policy (for example a P3P policy, hereinafter simply referred to as a “policy”) may be established for the permission of disclosure of the information. If information stored in a DB is protected with such criteria, access from an application to the information is checked to see whether the access satisfies the criteria before the information can be provided to the application. The information is provided to the application only if the access satisfies the criteria. Conventionally, determination as to whether access satisfies criteria has been made at the point of time when information stored in a DB is physically accessed (for example see Non-patent literature 1).
Non-patent literature 1 describes a method for determining whether access to personal information complies with personal information protection policy. The specific procedure is as follows.
First, an application obtains a DB connection in a conventional manner and issues an SQL query to the DB. A logic for policy compliance is provided in the DB, where the SQL query is translated into a query compliant with a policy. That is, when the translated SQL query is executed, only the information that complies with the policy can be acquired as a result of the query. The result of the query is provided to the application as is, and personal information that does not comply with the policy is not provided to the application.
[Non-patent literature 1] Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, Yirong Xu: “Hippocratic Databases,” in proceedings of international Conference on Very Large Data Bases (VLDB) 2002: pp. 143-154, Springer, 2002