Skip to main content

Active Enforcement

Hippocratic Database Technology

Privacy is the right of individuals to set boundaries for the collection and use of personal information based on individual consent. Unlike security, which revolves around the authorization of users, privacy addresses data management issues related to users who already have access to the system. Corporations need to handle this private information in accordance with privacy regulations as well as business requirements. Currently, many companies find it difficult to manage the wide-ranging purposes for accessing information by those individuals or organizations with different access rights. By jointly leveraging Tivoli Privacy Manager and Hippocratic Database technology, IBM offers an efficient, comprehensive solution for privacy policy enforcement.

Preserving privacy is the major tenet of future database systems. The Hippocratic Database is built upon 10 principles to protect and manage private information that reside in the databases.

  1. Purpose Specification: For personal information stored in the database, the purpose for which the information has been collected should must be associated with that information.
  2. Consent: The purpose associated with personal information must have consent of the donor of the personal information.
  3. Limited Collection: The personal information collected must be limited to the minimum necessary for accomplishing specified purposes.
  4. Limited Use: The database must run only queries that are consistent with the purposes for which the information has been collected.
  5. Limited Disclosure: The personal information stored in the database must not be communicated outside the database for purposes other than those for which there is consent from the information donor.
  6. Limited Retention: Personal information should be retained only as long as necessary for the fullfillment of the purposes for which it has been collected.
  7. Accuracy: Personal information stored in the database must be accurate and up-to-date.
  8. Safety: Personal information must be protected by security safeguards against theft and other misappropriations.
  9. Openness: A donor must be able to access all information about the donor stored in the database.
  10. Compliance: A donor must be able to verify compliance with the above principles. Similarly, the database must be able to address a challenge concerning compliance.

Our Hippocratic Database solution provides value to IBM customers who are under the jurisdiction of regulations such as HIPAA, the Gramm-Leach-Bliley (GLB) act, the Japanese Privacy Act, and the Australian Privacy Act. Section 6801 of the GLB reads, "It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' nonpublic personal information." HIPAA states that those who maintain or transmit "health information shall maintain reasonable and appropriate administrative, technical, and physical safeguards -- (A) to ensure the integrity and confidentiality of the information; (B) to protect against any reasonably anticipated -- (i) threats or hazards to the security or integrity of the information; and (ii) unauthorized uses or disclosures of the information; and (C) otherwise to ensure compliance with this part by the officers and employees of such person."

To address privacy issues, we propose a database architecture supporting automatic enforcement of privacy policies. Our architecture involves three main components. First, we allow a company to specify its privacy policy using a privacy language called EPAL. Second, we allow users to define specific preferences for information access and usage. The information collection module checks the company's privacy policy against the user preferences. Finally, we provide secure querying capabilities that enforce corporate privacy policies and users preferences. Unlike existing methods, our architecture does not require customization of a company's existing applications. This results in easier installation and minimizes customization, overhead, and maintenance costs.

By effectively managing private information, our comprehensive solution can also increase trust from customers and partners. Managing private consent information in this manner will likely help mitigate legal risks but also drive performance improvements and cost efficiencies in privacy management. In addition, customers may experience an increase in business opportunities that were previously inhibited by privacy concerns.

The market trends and future applications of the Hippocratic Database point to a potentially vast and growing market. The growth in on demand businesses, increasing privacy concerns and subsequent laws, and the massive growth in corporate data all represent potential applications for this technology. This unique privacy-enforcing solution could bring about a strong competitive advantage for customers in this age where privacy is an increasing concern. The market trends and the future applications of the Hippocratic Database point to a vast and growing market. The growth in on demand businesses, the increased privacy efforts by the government, massive growth in corporate data, and the increasing privacy concerns of individuals represent potential opportunities for this technology. This unique privacy-enforcing solution could be a key market differentiator for IBM and stands to bring about a strong competitive advantage for customers in this age where privacy is an increasing concern.


[an error occurred while processing this directive]