Security

Purpose-Based Versus Flow-Based Access Control for Privacy

Download Now Free registration required

Executive Summary

Advances in information technology and the emergence of privacy-invasive technologies have made it necessary to introduce privacy regulations that impose restrictions on handling of Personal Identifiable Information (PII). According to current thinking, "PII privacy protection can only be achieved by enforcing privacy policies within an organization's online and offline data processing systems" and "Privacy cannot be efficiently implemented solely by legislative means. Data protection commissioners are therefore demanding that legal privacy requirements should be technically enforced and should be a design criteria for information systems".

  • Format: PDF
  • Size: 272.1 KB