Privacy and Access Control: How are These Two concepts Related?

Abstract

Privacy issues are increasingly becoming important for many domains and applications. Many of such issues arise from the constant streaming of personal and sensitive data made available from lay users online, and also from the emerging widespread of highly ubiquitous and content-rich, personalized applications. Further, strong regulatory frameworks are now in place to ensure that users’ data is properly managed and protected. For instance, the responsible management of sensitive data is explicitly being mandated through laws such as the Sarbanes-Oaxley Act and the Health Insurance Portability and Accountability Act (HIPAA). Accordingly, data and user privacy have received substantial research attention over the past years. Several technical challenges have been tackled, including how to balance utility with the need to preserve privacy of individual data, and how to protect data from unwanted and unauthorized parties [5, 1, 6, 2]. In parallel, in response to several privacy outcries, many companies and organizations involved with users’ data collection and management (particularly online) have also made an effort toward introducing stronger privacy and access control solutions. Yet these efforts have been shown to be inadequate or insufficient [7]. Among the various methods and mechanisms to ensure users’ privacy, access control techniques are a well-established building block to protect users’ data. Historically, the mechanism for access control was considered only a support provided by database systems for sensitive structured data. Such a model of authorization is intuitive to application developers and users of the database system, but it only