Abstract
A data security system includes means (3) to control access to personal data in accordance with the wishes of data subjects. Associated with each data subject is a privacy policy which includes a set of purposes for which use of their personal data is consented to. Associated with each privacy policy is a pattern which represents the route that an application (2) attempting to access the personal data, which is stored in a data storage system (1), should use to navigate to that personal data in the data storage system. The pattern includes nodes and arcs which are annotated to indicate the purposes for which use of personal data in one node, or traversal of an arc to another node, is consented to. The application is permitted to access personal data relating to a data subject if the processing purpose of the application is compatible with the consented purposes for that personal data. The application (2) first indicates the identity of the data subject and the processing purpose to the access control means (3), which then enforces the relevant privacy policy and permits or denies access to the personal data in the data storage system (1).
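The enforcement step described above can be sketched as a purpose check over an annotated pattern, with default deny when no policy or arc matches. This is an added example, not code from the patent or any implementation of it. Assumptions: "compatible" is modelled as membership in the consented-purpose set, each pattern has a single entry node, and all subject ids, node names and purposes are constructed.

```python
from dataclasses import dataclass

@dataclass
class Pattern:
    """Navigation pattern of one privacy policy (structure is an assumption)."""
    entry: str            # assumed single entry node of the route
    node_purposes: dict   # node -> purposes consented for the data in that node
    arc_purposes: dict    # (src, dst) -> purposes consented for traversing the arc

# Constructed sample policy store, keyed by data-subject identity.
POLICIES = {
    "subject-17": Pattern(
        entry="customer",
        node_purposes={
            "customer": {"billing", "marketing"},
            "address": {"billing"},
            "orders": {"billing", "marketing"},
        },
        arc_purposes={
            ("customer", "address"): {"billing"},
            ("customer", "orders"): {"billing", "marketing"},
        },
    )
}

def check_access(subject_id, purpose, route):
    """Decide whether an application may follow `route` for `purpose`.

    Returns (allowed, reason). Anything not explicitly consented is denied.
    """
    pattern = POLICIES.get(subject_id)
    if pattern is None:
        return False, "no policy for data subject"
    if not route or route[0] != pattern.entry:
        return False, "route does not start at pattern entry"
    # Every arc on the route must be in the pattern and consented for the purpose.
    for src, dst in zip(route, route[1:]):
        consented = pattern.arc_purposes.get((src, dst))
        if consented is None:
            return False, f"arc {src}->{dst} not in pattern"
        if purpose not in consented:
            return False, f"arc {src}->{dst} not consented for {purpose}"
    # The data in the final node must itself be consented for the purpose.
    target = route[-1]
    if purpose not in pattern.node_purposes.get(target, set()):
        return False, f"node {target} not consented for {purpose}"
    return True, "ok"
```
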