Australian Computer Society
Research efforts have been directed toward the improvement of privacy protecting technology by incorporating privacy protection into database systems. Purpose acts as a central concept on which access decisions are made. A complexity of purpose and users role hierarchies is utilized to manage the mapping between users and purposes. In this paper, the authors propose a personal information flow model that specifies a limited number of acts on this type of information. Chains of these acts can be used instead of the \"Intended/business purposes\" used in privacy access control.