With the recent spread of electronic commerce and integration of intra-company systems, it has become necessary to share personal information, confidential information, etc. while protecting the privacy of customers. To protect personal information, it is internationally recommended to use information systems based on eight OECD principles. Thus, any company that builds an information system should desirably work out a privacy policy and ensure that the information system will access personal information properly based on the privacy policy.
In such an information system, generally servers are equipped with a policy determination function for determining, based on a privacy policy, whether personal information may be accessed while clients are provided with an access administration function for performing access control based on decisions by the policy determination function as well as with personal information.
Incidentally, description of prior art documents will be omitted because no such document is known to exist at present.