IBM Systems Journal - 2002 Copyright

IBM Skip to main content
  Home     Products & services     Support & downloads     My account  

  Select a country  
Journals Home  
  Systems Journal  
    Current Issue  
    Recent Issues  
    Papers in Progress  
    Author's Guide  
Journal of Research
and Development
  Contact Us  
  Related links:  
     IBM Research  

IBM Journal of Research and Development  
Volume 46, Number 2, Page 255 (2007)
Compliance Management
  Full article: arrowHTML arrowPDF   arrowCopyright info


Compliance with data protection laws using Hippocratic Database active enforcement and auditing

by C.M. Johnson, T.W.A. Grandison
Governments worldwide are enacting data protection laws that restrict the disclosure and processing of personal information. These laws impose administrative and financial burdens on companies that manage personal information and may hinder the legitimate and valuable sharing and analysis of this information. In this paper we describe an integrated set of technologies, known as the Hippocratic Database (HDB), which enables compliance with security and privacy regulations without impeding the legitimate flow of information. HDB's Control Center allows companies to specify fine-grained disclosure policies based on the role of the user, the purpose of the access, the intended recipient, and other disclosure conditions. Its Active Enforcement component transparently enforces these policies by transforming user queries in a middleware layer to ensure that the database returns only policy-compliant information. HDB's Compliance Auditing system efficiently tracks all database accesses and allows auditors to formulate precise audit queries to monitor compliance with privacy and security policies. In this paper, we outline the basic architecture of the HDB solution, discuss the advantages of our approach, and illustrate the features of each component with practical compliance scenarios from the financial services industry.
Related Subjects: