Research efforts have been directed toward the improvement of privacy protecting technology by incorporating privacy protection into database systems. Purpose acts as a central concept on which access decisions are made. A complexity of purpose and users role hierarchies is utilized to manage the mapping between users and purposes. In this paper, we propose a personal information flow model that specifies a limited number of acts on this type of information. Chains of these acts can be used instead of the 'intended/business purposes' used in privacy access control.
|Cite as: Al-Fedaghi, S.S. (2007). Beyond Purpose-Based Privacy Access Control. In Proc. Eighteenth Australasian Database Conference (ADC 2007), Ballarat, Australia. CRPIT, 63. Bailey, J. and Fekete, A., Eds. ACS. 23-32. |
(local if available)