Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Saturday, September 1, 2007

On Databases and Balancing Privacy with Utility

I’ve just finished reading this article, published by ScienceDaily, titled “Databases Must Balance Privacy with Utility, says the Professor”. The professor mentioned in the article is George Duncan of Carnegie Mellon University.

I tend to agree with his points, in particular: “Agencies like the U.S. Census Bureau produce a voluminous amount of data, much of which is of tremendous value to social scientists and other researchers. But the data also includes personal information that, under the law, must be protected and could be harmful were it to fall into the wrong hands. Thus, organizations that maintain such databases need to devise ways to protect individuals' privacy while preserving the value of the information to researchers”.

Prof. Duncan also raised an important question: “How can data be made useful for research purposes without compromising the confidentiality of those who provided the data?”

I would say that this question applies not only to “research contexts” but also to any other context and purpose in which personal data is accessed, used and disclosed (e.g. for business, marketing or other reasons). Privacy management is indeed a very complex topic, and it has different connotations depending on the context and the type of personal information, as the article mentions.

In my opinion, when specifically discussing privacy-enhancing solutions in an enterprise/organisation context, it is also important to consider (1) the role that current identity management solutions play in enterprises, (2) the complex enterprise processes and information flows that involve identity information and (3) the fact that different types of data repositories are used in enterprises (i.e. not just RDBMS databases but also LDAP directories, meta and virtual directories, etc.).

In this context, privacy management is ultimately yet another aspect of enterprise IT and data governance, and it is handled from business and regulatory compliance perspectives: enterprises deal with it in terms of risk management and threat mitigation. To be adopted, privacy-enhancing proposals need to recognise this situation and leverage (and potentially extend or be compatible with) current enterprise identity management solutions, for practical and economic reasons.

At HP Labs we have been working in this direction over the last 3 years, in particular in the context of two related R&D projects:

An overview of other related R&D privacy management projects can be found on my web page.

--- NOTE: my original HP blog can be found here ---
