In the aftermath of September 11 2001 security has been at the top of any Government or Enterprise agenda. Scrutinizing flight passenger lists, conference participants’ background, customers’ profile and securing access to public and private databases through gateways has become a standard way of doing things. Legislation has been put in place which in many countries give the authorities increased right to analyze personal data ? In some cases overriding existing privacy legislation.
In a networked world everybody leaves traces that are personally individually identifiable (PII). When we use our mobile phone, the cell network provider knows the location you are in and the time of the call. When you browse a bookstore on the internet, an applet will tell the web-site owner of your buying habits - and the moment you make a purchase on the net, you leave behind a sign of your reading habits and intellectual preferences. When you use your credit card on the net to buy flowers, the address of the receiver is recorded and related to your ID. If you are under medical treatment and receive medicine, the prescription will inform about your deceases. Under which circumstances do you want this information to be revealed?
Most countries as well as the European Union and its member countries have since long been aware of the potential threat against personal integrity in case a malevolent organization got hold of all this information. And now Governments in most countries are becoming increasingly interested in accessing personal information to prevent terrorism and establish an electronic surveillance of dubious elements in the society.
This paper intends to describe how IT solutions with a special focus on the public sector could be developed and deployed that will help organizations as well as individuals to protect their personally identifiable information, set up policies that will be translated to watch dogs that will ensure that these policies are followed when allowing external or internal users to access the information and later ensure that audit can be performed which will log any use of data.