If you’re, say, a healthcare provider, you want to be able to show customers and the regulator that you have the appropriate controls in place so that no-one from, say, your marketing department can get access to patient data to start targeting them with offers, said Martin Sadler, head of HP’s Trusted Systems Laboratory in Bristol, UK.
Today, the process by which such data is given only restricted access is essentially a manual, people-centric one, but SelectAccess’s service-oriented architecture means we can use components of it for new applications such as making a database enterprise privacy-aware, Sadler said.
This will be done by putting a privacy wrapper round the data, such that when a query comes in, it will rewrite it to exclude the information that’s restricted, he said.
This means there will be no need to change the Oracle or SQL Server databases entry per se. We’ll deal with the issue at the query level, delivering the data back to the person querying the DB in a ‘clean’ manner.
Sadler said HP can already carry out this function in prototype today in its labs, and that early versions of the product are already with the SelectAccess team. As to when such a product will actually come to market, however, he was vague. We should be able to do it some time in 2006, he estimated.