System and method for managing data privacy in a database...

Data processing: database and file management or data structures – Database design – Data structure types

Reexamination Certificate


Details

C707S793000, C707S793000, C707S793000, C707S793000, C713S152000

active

06275824

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to systems and methods of data warehousing and analysis, and in particular to a system and method for enforcing privacy constraints on a database management system.
2. Description of the Related Art
Database management systems are used to collect, store, disseminate, and analyze data. These large-scale integrated database management systems provide an efficient, consistent, and secure data warehousing capability for storing, retrieving, and analyzing vast amounts of data. This ability to collect, analyze, and manage massive amounts of information has become a virtual necessity in business today.
The information stored by these data warehouses can come from a variety of sources. One important data warehousing application involves the collection and analysis of information collected in the course of commercial transactions between businesses and consumers. For example, when an individual uses a credit card to purchase an item at a retail store, the identity of the customer, the item purchased, the purchase amount and other related information are collected. Traditionally, this information is used by the retailer to determine if the transaction should be completed, and to control product inventory. Such data can also be used to determine temporal and geographical purchasing trends.
Similar uses of personal data occur in other industries. For example, in banking, the buying patterns of consumers can be divined by analyzing their credit card transaction profile or their checking/savings account activity, and consumers with certain profiles can be identified as potential customers for new services, such as mortgages or individual retirement accounts. Further, in the telecommunications industry, consumer telephone calling patterns can be analyzed from call-detail records, and individuals with certain profiles can be identified for selling additional services, such as a second phone line or call waiting.
Additionally, data warehouse owners typically purchase data from third parties, to enrich transactional data. This enrichment process adds demographic data such as household membership, income, employer, and other personal data.
The data collected during such transactions is also useful in other applications. For example, information regarding a particular transaction can be correlated to personal information about the consumer (age, occupation, residential area, income, etc.) to generate statistical information. In some cases, this personal information can be broadly classified into two groups: information that reveals the identity of the consumer, and information that does not. Information that does not reveal the identity of the consumer is useful because it can be used to generate information about the purchasing proclivities of consumers with similar personal characteristics. Personal information that reveals the identity of the consumer can be used for a more focused and personalized marketing approach in which the purchasing habits of each individual consumer are analyzed to identify candidates for additional or tailored marketing.
Another example of an increase in the collection of personal data is evidenced by the recent proliferation of “membership” or “loyalty” cards. These cards provide the consumer with reduced prices for certain products, but each time the consumer uses the card with a purchase, information about the consumer's buying habits is collected. The same information can be obtained in an on-line environment, or from purchases made with smart cards, telephone cards, and debit or credit cards.
Unfortunately, while the collection and analysis of such data can be of great public benefit, it can also be the subject of considerable abuse. In the case of loyalty programs, the potential for such abuse can prevent many otherwise cooperative consumers from signing up for membership awards or other programs. It can also discourage the use of emerging technology, such as cash cards, and foster continuation of more conservative payment methods such as cash and checks. In fact, public concern over privacy is believed to be a factor holding back the anticipated explosive growth in web commerce.
For all of these reasons, as well as regulatory constraints, when personal information is stored in data warehouses, it is incumbent on those that control this data to protect the data from such abuse. As more and more data is collected in this, the computer age, the rights of individuals regarding the use of data pertaining to them have become of greater importance. What is needed is a system and method which provides all the advantages of a complete data warehousing system, while addressing the privacy concerns of the consumer.
SUMMARY OF THE INVENTION
To address the requirements described above, the present invention discloses a method, apparatus, article of manufacture, and a memory structure for managing data privacy in a database management system.
The apparatus comprises a database management system, for storing and retrieving data from a plurality of database tables wherein the data in the database tables is controllably accessible according to privacy parameters stored in the database table, a database management system interface operatively coupled to the database management system and controlling access to the data within the database tables according to the privacy parameters, and an audit module, communicatively coupled to the database management system interface, for validating enforcement of the data privacy parameters in the database management system.
The method comprises the steps of extending a database table to store and retrieve privacy parameters for the data stored in the database table, the privacy parameters collectively stored in a plurality of database columns associated with the data, accepting privacy parameters from the data source, storing the privacy parameters in the columns associated with the data, providing access to the data in the database table to a requesting entity solely through a database management system interface in accordance with the personal privacy parameters, and logging the provided access to the database table in an access log. The program storage device comprises a medium for storing instructions performing the method steps outlined above.
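A minimal sketch of the apparatus and method summarized above, added here as an illustration and not taken from the patent: a table extended with privacy-parameter columns, a single read interface that filters on those columns and logs each access, and an audit check over the log. The column names (`allow_marketing`, `allow_third_party`), the purposes, and the function names are assumptions.

```python
import sqlite3

# Hypothetical purposes mapped to hypothetical privacy-parameter columns.
PURPOSE_COLUMN = {"marketing": "allow_marketing", "third_party": "allow_third_party"}

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customer (
            id INTEGER PRIMARY KEY, name TEXT, last_purchase TEXT,
            allow_marketing INTEGER NOT NULL DEFAULT 0,    -- privacy parameter
            allow_third_party INTEGER NOT NULL DEFAULT 0   -- privacy parameter
        );
        CREATE TABLE access_log (
            seq INTEGER PRIMARY KEY AUTOINCREMENT,
            requester TEXT, purpose TEXT, customer_id INTEGER
        );
    """)
    # Constructed sample rows: the data source supplies data and parameters together.
    db.executemany("INSERT INTO customer VALUES (?,?,?,?,?)", [
        (1, "A. Example", "camera", 1, 0),
        (2, "B. Example", "laptop", 0, 0),
        (3, "C. Example", "phone", 1, 1),
    ])
    return db

def read_customers(db, requester, purpose):
    """The only read path: filter by the row's own privacy parameter, then log."""
    column = PURPOSE_COLUMN.get(purpose)
    if column is None:  # unknown purpose: deny by default, never build SQL from it
        raise PermissionError(f"no privacy parameter covers purpose {purpose!r}")
    rows = db.execute(
        f"SELECT id, name, last_purchase FROM customer WHERE {column} = 1 ORDER BY id"
    ).fetchall()
    db.executemany("INSERT INTO access_log (requester, purpose, customer_id) VALUES (?,?,?)",
                   [(requester, purpose, r[0]) for r in rows])
    return rows

def audit(db):
    """Audit check: return logged accesses that the current parameters do not permit."""
    violations = []
    for seq, requester, purpose, cid in db.execute(
            "SELECT seq, requester, purpose, customer_id FROM access_log").fetchall():
        column = PURPOSE_COLUMN.get(purpose)
        allowed = column and db.execute(
            f"SELECT {column} FROM customer WHERE id = ?", (cid,)).fetchone()
        if not allowed or allowed[0] != 1:
            violations.append((seq, requester, purpose, cid))
    return violations
```

The audit compares each log entry against the parameters as they stand now, so a deployment in which consumers can change their choices would also need to record the parameter value in force at access time.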
One embodiment of the present invention also utilizes a privacy metadata system that administers and records all data, users, and usage of data that is registered as containing privacy elements. This metadata service provides for locating, consolidating, managing, and navigating warehouse metadata. It also allows for setting aside an area from which all system aspects of privacy are registered, administered, and logged in an auditable format.


