Privacy and Security in Personal Information Databank Systems.
ResearchPublished 1974
ResearchPublished 1974
Technical aspects of implementing information privacy safeguards and data security mechanisms in personal information databanks are explored. A structural classification of databank systems is presented; relevant characteristics of personal information are identified; a sensitivity scale and a classification system for personal information are proposed; and the general nature and sources of threats against databank systems are examined. A game-theoretic framework is provided for the protection requirements analysis and protection systems design. The associated variables, such as value of information, protection effectiveness, and protection cost, are discussed. The report concludes with an analysis of the components of a total protective system for personal information databanks--the subjects' rights protection provisions, maintenance of confidentiality, data security, integrity management, and auditing. Representative protection systems are derived for three levels of protection. 121 pp. Ref.
This publication is part of the RAND report series. The report series, a product of RAND from 1948 to 1993, represented the principal publication documenting and transmitting RAND's major research findings and final research.
This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.
RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.