Research Article Open Access

Purpose-based Versus Flow-Based Access Control for Privacy

Sabah Al-Fedaghi, Bashayer Al-Babtain and Maha Al-Fahad

Abstract

Problem statement: Data protection legislation requires handling of Personal Identifiable Information (PII) in special ways to guarantee privacy. Specifically, the notion of handling purpose plays an important role in current access control mechanisms that allow only actions corresponding to intended purposes. A problem that arises in this context is how to ensure that PII is used solely for the intended purpose.

Approach: This study shows that problems in the context of purpose access control can be avoided by using flow-based specifications that map users to a sequence of stages of flows of PII. The methodology is used as a tracking apparatus as it specifies the types of operations a user can perform on such information. The flow system of PII is constructed from six generic operations.

Results: The resultant maps of flows of PII are used to assign flow systems to users that represent access control instruments to specify permissible operations and PII streams, preventing use of PII for purposes not corresponding to intended purposes.

Conclusion: The resultant flow-based access map demonstrates a viable description method that can be adopted for controlling access to PII. It also presents a uniform methodology that can be applied at various levels such as privacy policies.

Journal of Computer Science
Volume 8 No. 4, 2012, 564-572

DOI: https://doi.org/10.3844/jcssp.2012.564.572

Submitted On: 6 January 2012 Published On: 8 February 2012

How to Cite: Al-Fedaghi, S., Al-Babtain, B. & Al-Fahad, M. (2012). Purpose-based Versus Flow-Based Access Control for Privacy. Journal of Computer Science, 8(4), 564-572. https://doi.org/10.3844/jcssp.2012.564.572


Keywords

  • Conceptual modeling
  • purpose control
  • PII handling
  • information flow
  • privacy policies
  • information technology
  • privacy protection
  • information systems
  • access control