Re: Database design and confidential data protection

From: Christopher Browne <cbbrowne_at_acm.org>
Date: 16 Nov 2003 13:10:38 GMT
Message-ID: <bp7t0e$1l6m6k$1_at_ID-125932.news.uni-berlin.de>


The world rejoiced as Diego Berge <dberge_at_privacy.net> wrote:
> How is it done if you had to work on a project (such as modifying an
> existing system) involving confidential data that needs to be
> protected from the developer?

The "standard" work on this is called _Translucent Databases_. <http://www.wayner.org/books/td/>

Basically, the idea is that sensitive fields are encrypted using keys that are user-specific. (Probably using some form of PK encryption.)

A characteristic example would be of storage of cases by a national rape crisis organization. In order to do statistical analysis and such, the data needs to be aggregated together across all offices. But the identities of the victims should only be accessible by the staff at the local office, and perhaps only the staff members that have worked with each specific victim.

-- 
let name="cbbrowne" and tld="cbbrowne.com" in String.concat "_at_" [name;tld];;
http://www.ntlug.org/~cbbrowne/wp.html
[Concerning  MSFT innovating  their way  out  of a  wet paper  bag...]
"Maybe if it were a very very  wet paper bag, but then they'd face the
insurmountable barrier of surface tension."
-- Geoffrey Tobin <G.Tobin_at_latrobe.edu.au>
Received on Sun Nov 16 2003 - 14:10:38 CET
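The scheme Browne describes, as an added worked example (this is not code from the post or from Wayner's book): identifying columns are encrypted under a per-office key, so the national office can count cases and even count distinct repeat clients per office without ever holding a name, while a local office decrypts its own rows and a different office's key is rejected. Assumptions: one key per office rather than the per-user keys the post suggests (same mechanism, fewer keys, to keep the demo short), and a standard-library-only cipher (HMAC-SHA256 counter-mode keystream with encrypt-then-MAC) standing in for a real AEAD such as AES-GCM from a vetted library. The sample cases are constructed.

```python
"""Translucent-database sketch: identifying columns are encrypted under a
per-office key, so the central aggregator can count cases but never read names.

Added example, not from the post or the book. Assumptions: one key per
office, and an HMAC-SHA256 counter-mode cipher (encrypt-then-MAC) used only so
the demo runs with the standard library; use a vetted AEAD in production."""
import hashlib
import hmac
import secrets
from collections import Counter

SENSITIVE = ("victim_name", "victim_contact")  # columns the centre never sees in clear

def office_key(passphrase: str, office: str) -> bytes:
    # The office name is the salt, so equal passphrases still yield distinct keys.
    # Iteration count is kept low for the demo.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), office.encode(), 10_000, 32)

def _subkey(key: bytes, label: bytes) -> bytes:
    # Domain-separate the encryption, MAC and pseudonym keys from the office key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]

def seal(key: bytes, plaintext: str) -> bytes:
    # nonce || ciphertext || tag; a fresh nonce per field so equal names differ on disk.
    nonce = secrets.token_bytes(16)
    data = plaintext.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(_subkey(key, b"enc"), nonce, len(data))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> str:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong office key or tampered record")
    return bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct)))).decode()

def pseudonym(key: bytes, name: str) -> str:
    # One-way and keyed: the office can link repeat clients; the centre cannot reverse it.
    return hmac.new(_subkey(key, b"pseudonym"), name.lower().encode(), hashlib.sha256).hexdigest()[:16]

def store_case(key: bytes, office: str, month: str, category: str,
               victim_name: str, victim_contact: str) -> dict:
    return {"office": office, "month": month, "category": category,
            "client": pseudonym(key, victim_name),
            "victim_name": seal(key, victim_name),
            "victim_contact": seal(key, victim_contact)}

def aggregate(rows: list) -> Counter:
    # Central analysis needs no keys: it touches only the clear columns.
    return Counter((r["month"], r["category"]) for r in rows)

def repeat_clients(rows: list, office: str) -> int:
    # Also key-free: distinct pseudonyms per office, still without any names.
    return len({r["client"] for r in rows if r["office"] == office})

def reveal(key: bytes, row: dict) -> dict:
    # Local-office view: decrypt the sensitive columns with that office's key.
    return {**row, **{col: unseal(key, row[col]) for col in SENSITIVE}}

def can_reveal(key: bytes, row: dict) -> bool:
    try:
        reveal(key, row)
        return True
    except ValueError:
        return False

def build_sample():
    # Constructed sample data for the demo; not real cases.
    keys = {"leeds": office_key("correct horse", "leeds"),
            "glasgow": office_key("correct horse", "glasgow")}
    rows = [
        store_case(keys["leeds"], "leeds", "2003-11", "assault", "A. Client", "0113 000 0000"),
        store_case(keys["leeds"], "leeds", "2003-11", "assault", "A. Client", "0113 000 0000"),
        store_case(keys["leeds"], "leeds", "2003-10", "harassment", "B. Client", "0113 000 0001"),
        store_case(keys["glasgow"], "glasgow", "2003-11", "assault", "C. Client", "0141 000 0000"),
    ]
    return keys, rows

if __name__ == "__main__":
    keys, rows = build_sample()
    print(aggregate(rows))                               # centre: counts only
    print(repeat_clients(rows, "leeds"))                 # 2 distinct clients, no names
    print(reveal(keys["leeds"], rows[0])["victim_name"]) # local office: A. Client
    print(can_reveal(keys["glasgow"], rows[0]))          # False: wrong office key
```

The point to notice is which functions take a key. `aggregate` and `repeat_clients` take none, so the central analyst (and the developer maintaining that side) can run them against the whole dataset; only `reveal` needs an office key, and the MAC check makes a wrong key fail closed rather than return garbage. The keyed pseudonym is the translucent part proper: it is one-way, so it supports counting and linking without being reversible by anyone without the office key. Narrowing from per-office to per-counsellor keys, as the post suggests, means deriving the key per staff member and deciding at intake which keys a record is sealed under.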