Hippocratic databases should be architected to regulate use and disclosure
of personal information in strict accordance with privacy and security
laws, enterprise policies, and individual choices. They should be designed to
safeguard this information and protect individual privacy without impeding
legitimate and beneficial uses of information. HDBs are founded upon a set
of ten data protection principles and require a diverse set of technologies to
realize these principles. In the following sections, we outline these founding
principles, describe several technologies that advance these principles, evaluate
the state of the art in HDB-enabling technologies, and suggest opportunities
for future research.
2 Founding Principles of a Hippocratic Database
The founding principles of a Hippocratic database are based on concepts of
information privacy drawn from international data protection laws and
guidelines [2].
1. Purpose Specification. The purposes for which personal information
has been collected shall be associated with that information in the
database.
2. Consent. The purposes associated with personal information shall have
the consent of the individual who is the subject of the information.
3. Limited Collection. The personal information collected shall be limited
to the minimum necessary for accomplishing the specified purposes.
4. Limited Use. The database shall run only those queries and operations
that are consistent with the purposes for which the information has been
collected.
5. Limited Disclosure. Personal information stored in the database shall
not be communicated outside of the database for purposes other than
those to which the individual consented.
6. Limited Retention. Personal information shall be retained only as long
as necessary to fulfill the purposes for which it was collected.
7. Accuracy. All personal information in the database shall be accurate and
current.
8. Safety. Personal information shall be protected by security safeguards
against theft and other misappropriation.
9. Openness. An individual shall be able to access all information about
him or her stored in the database.
10. Compliance. An individual shall be able to verify compliance with the
above principles, and the database shall be capable of responding to these
challenges.