To date, research has focussed on privacy from a wide perspective, enabling organisations to implement various technologies that contribute to privacy protection. However, in such approaches the perspective of the data subject is often obscured in favour of meeting technical design requirements. The privacy architecture proposed in this paper is premised upon a view of privacy as unique to each individual person, changing over time and maintained through the control of personal data. This conceptualisation of privacy is evidenced by the research literature as well as various legislation. This paper establishes a requirement for a Privacy-Enhancing Technology for operational databases through a consideration of the state of practice and the relevant literature. An architecture for such a technology, which acknowledges and supports this understanding of privacy and which is based upon the Use and Disclosure Principle of the Australian privacy regulation framework, is then proposed. The architecture extends its privacy protection capabilities from primary to secondary data processing applications.
Cite as: Wahlstrom, K. and Quirchmayr, G. (2007). The motivation and proposition of a privacy-enhancing architecture for operational databases. In Proc. Fifth Australasian Information Security Workshop (Privacy Enhancing Technologies) (AISW 2007), Ballarat, Australia. CRPIT, 68. Brankovic, L. and Steketee, C., Eds. ACS. 173-182.