10 Guiding Principles

By Matthew Hicks  |  Posted 2002-08-20 Print this article Print

The architecture for the Hippocratic database concept is to be based on 10 guiding principles: purpose specification, consent, limited collection, limited use, limited disclosure, limited retention, accuracy, openness and compliance. The Hippocratic database and its components would work in the following way, according to IBM officials. First, metadata tables would be defined for each type of information collected. A Privacy Metadata Creator would generate the tables to determine who should have access to what data and how long that data should be stored. A Privacy Constraint Validator would check whether a sites privacy policies match a users preferences, and once this is verified the data would be transmitted from the user to the database.
A Data Accuracy Analyzer would test the accuracy of the data being shared. Once queries are submitted along with their intended purpose, the Attribute Access Control would verify whether the query is accessing only those fields necessary for the querys purpose. Only records that match the queries purpose would be visible thanks to the Record Access Control component. The Query Intrusion Detector then would run compliance tests on the results to detect any queries whose access pattern varies from the normal access pattern.
In the final step, a Data Retention Manager would delete any items stored beyond the length of their intended purpose. Audit trails of queries also would be kept to allow for privacy audits and to guard the database from suspicion that it has been misused. While IBM researchers are interested in eventually including the Hippocratic database concept into IBMs DB2 database, they also want to expand interest in the concept. Agrawal hopes the presentation of the concept will lead other vendors and university researchers to embrace and evolve it. "I wanted the database community to become cognizant of the issues," Agrawal said. "I personally think it will help if others participate in it."

Matthew Hicks As an online reporter for eWEEK.com, Matt Hicks covers the fast-changing developments in Internet technologies. His coverage includes the growing field of Web conferencing software and services. With eight years as a business and technology journalist, Matt has gained insight into the market strategies of IT vendors as well as the needs of enterprise IT managers. He joined Ziff Davis in 1999 as a staff writer for the former Strategies section of eWEEK, where he wrote in-depth features about corporate strategies for e-business and enterprise software. In 2002, he moved to the News department at the magazine as a senior writer specializing in coverage of database software and enterprise networking. Later that year Matt started a yearlong fellowship in Washington, DC, after being awarded an American Political Science Association Congressional Fellowship for Journalist. As a fellow, he spent nine months working on policy issues, including technology policy, in for a Member of the U.S. House of Representatives. He rejoined Ziff Davis in August 2003 as a reporter dedicated to online coverage for eWEEK.com. Along with Web conferencing, he follows search engines, Web browsers, speech technology and the Internet domain-naming system.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel