The Hippocratic Database
IBM's model for privacy-savvy databases may well have been inspired by the Hippocratic oath, but the principles of how to handle private information are broadly understood and articulated. Regulations in the United States and elsewhere in the world are largely based on the idea of "Fair Information Practices." These practices stem from the set of principles established in 1980 by the Organization for Economic Co-operation and Development (OECD). While the OECD delineated eight principles (which many countries have used to develop legal guidelines for the collection and use of personal information), IBM's researchers cite ten, which cover how the data shall be used, disclosed, retained, and safeguarded.
Along with these principles, Agrawal and his colleagues offer a strawman design and a set of use cases for how Hippocratic databases could be tested. The response has been enthusiastic, according to Agrawal, and has bolstered his conviction that "we can build the data-mining models while still preserving the privacy of individuals." For Agrawal, it's a case of "the promise of the technology versus the risk, and the technical community can help reduce the risk."
Sidebar: IBM's Principles of a Hippocratic Database
- Purpose Specification
For personal information stored in the database, the purposes for which the information has been collected shall be associated with that information.
- Consent
The purposes associated with personal information shall have consent of the donor of the personal information.
- Limited Collection
The personal information collected shall be limited to the minimum necessary for accomplishing the specified purposes.
- Limited Use
The database shall run only those queries that are consistent with the purposes for which the information has been collected.
- Limited Disclosure
The personal information stored in the database shall not be communicated outside the database for purposes other than those for which there is consent from the donor of the information.
- Limited Retention
Personal information shall be retained only as long as necessary for the fulfillment of the purposes for which it has been collected.
- Accuracy
Personal information stored in the database shall be accurate and up-to-date.
- Safety
Personal information shall be protected by security safeguards against theft and other misappropriations.
- Openness
A donor shall be able to access all information about the donor stored in the database.
- Compliance
A donor shall be able to verify compliance with the above principles. Similarly, the database shall be able to address a challenge concerning compliance.
Source: Hippocratic Databases by Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, and Yirong Xu;
IBM Almaden Research Center
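The principles above read as policy, but most of them are mechanically checkable at query time. The following is an added illustration (not code from the Agrawal et al. paper or from IBM's strawman design) of a purpose-aware data store: every purpose carries a policy naming the attributes it may use, the recipients it may disclose to, and how long data may be kept; every donor record carries the purposes the donor consented to and a collection timestamp; and a query is accepted only if it names a known purpose, stays within that purpose's attributes and recipients, and then returns only rows from consenting donors whose data has not passed its retention period. The class and method names, the purposes ("billing", "research"), the recipients, and the donor records are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


class PolicyViolation(Exception):
    """Raised when a collection or query is inconsistent with the stated purpose."""


@dataclass(frozen=True)
class PurposePolicy:
    attributes: frozenset   # attributes this purpose may collect and use (Limited Collection / Use)
    recipients: frozenset   # parties this purpose may disclose results to (Limited Disclosure)
    retention: timedelta    # how long data collected for this purpose may be kept (Limited Retention)


@dataclass
class DonorRecord:
    data: dict
    consented_purposes: frozenset   # Consent: purposes the donor agreed to
    collected_at: datetime


class HippocraticStore:
    """Hypothetical store that enforces purpose, consent, use, disclosure and retention limits."""

    def __init__(self, policies):
        self.policies = policies   # Purpose Specification: every purpose is declared up front
        self.records = {}
        self.audit = []            # Compliance: every query attempt and its outcome is recorded

    def insert(self, donor_id, data, purposes, collected_at):
        for p in purposes:
            if p not in self.policies:
                raise PolicyViolation(f"unknown purpose {p!r}")
        # Limited Collection: refuse attributes that no consented purpose needs
        needed = set().union(*(self.policies[p].attributes for p in purposes))
        extra = set(data) - needed
        if extra:
            raise PolicyViolation(f"attributes {sorted(extra)} not needed for {sorted(purposes)}")
        self.records[donor_id] = DonorRecord(dict(data), frozenset(purposes), collected_at)

    def _authorize(self, purpose, attributes, recipient):
        policy = self.policies.get(purpose)
        if policy is None:
            raise PolicyViolation(f"unknown purpose {purpose!r}")
        if not set(attributes) <= policy.attributes:          # Limited Use
            raise PolicyViolation(f"attributes {sorted(set(attributes) - policy.attributes)} not allowed for {purpose!r}")
        if recipient not in policy.recipients:                # Limited Disclosure
            raise PolicyViolation(f"recipient {recipient!r} not allowed for {purpose!r}")
        return policy

    def query(self, purpose, attributes, recipient, now):
        try:
            policy = self._authorize(purpose, attributes, recipient)
        except PolicyViolation as err:
            self.audit.append((now, purpose, tuple(attributes), recipient, f"denied: {err}"))
            raise
        rows = []
        for rec in self.records.values():
            if purpose not in rec.consented_purposes:          # Consent
                continue
            if now - rec.collected_at > policy.retention:      # Limited Retention (read side)
                continue
            rows.append({a: rec.data[a] for a in attributes})
        self.audit.append((now, purpose, tuple(attributes), recipient, f"returned {len(rows)} rows"))
        return rows

    def purge_expired(self, now):
        """Limited Retention (write side): delete records whose every purpose has expired."""
        expired = [d for d, rec in self.records.items()
                   if all(now - rec.collected_at > self.policies[p].retention
                          for p in rec.consented_purposes)]
        for d in expired:
            del self.records[d]
        return sorted(expired)

    def donor_view(self, donor_id):
        """Openness: a donor can see everything held about them, and under which purposes."""
        rec = self.records[donor_id]
        return {"data": dict(rec.data), "purposes": set(rec.consented_purposes),
                "collected_at": rec.collected_at}


def demo():
    """Constructed sample data exercising each principle; returns the outcomes for inspection."""
    t0 = datetime(2024, 1, 1)
    store = HippocraticStore({
        "billing": PurposePolicy(frozenset({"name", "address"}), frozenset({"finance"}), timedelta(days=365)),
        "research": PurposePolicy(frozenset({"zip", "age"}), frozenset({"analytics"}), timedelta(days=30)),
    })
    store.insert("alice", {"name": "Alice", "address": "1 Main St", "zip": "94110", "age": 34},
                 {"billing", "research"}, t0)
    store.insert("bob", {"name": "Bob", "address": "2 Oak Ave"}, {"billing"}, t0)
    store.insert("carol", {"zip": "10001", "age": 51}, {"research"}, t0 - timedelta(days=60))  # already stale

    results = {"violations": []}
    now = t0 + timedelta(days=1)
    results["research_rows"] = store.query("research", ["zip", "age"], "analytics", now)  # only alice
    results["billing_rows"] = store.query("billing", ["name"], "finance", now)            # alice, bob
    for args in [("research", ["name"], "analytics", now),    # name not a research attribute
                 ("billing", ["name"], "analytics", now),     # analytics not a billing recipient
                 ("marketing", ["name"], "finance", now)]:    # purpose never specified
        try:
            store.query(*args)
        except PolicyViolation as err:
            results["violations"].append(str(err))
    try:   # phone number is not needed for billing, so collection is refused
        store.insert("dave", {"name": "Dave", "address": "3 Elm St", "phone": "555-0100"}, {"billing"}, t0)
    except PolicyViolation as err:
        results["violations"].append(str(err))
    results["alice_purposes"] = store.donor_view("alice")["purposes"]
    results["purged_now"] = store.purge_expired(now)                       # carol
    results["purged_later"] = store.purge_expired(t0 + timedelta(days=400))  # alice, bob
    results["audit_entries"] = len(store.audit)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The check order matters: purpose, attribute and recipient violations are rejected before any row is read, so a disallowed query never touches donor data, while consent and retention are evaluated per row so that one donor's refusal does not block results for others. The audit list records denied attempts as well as successful ones, which is what lets a donor or auditor challenge compliance after the fact.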