Towards privacy in personal data management

Abstract

Purpose – In order to enhance privacy protection during electronic transactions, the purpose of this paper is to propose, develop, and evaluate a personal data management framework called Polis that abides by the following principle: every individual has absolute control over his/her personal data that reside only at his/her own side. Design/methodology/approach – This paper identifies representative electronic transactions that involve personal data and proposes Polis-based protocols for them. The approach is evaluated on a Polis prototype both as a stand-alone application and as part of a commercial database management system. Findings – The results of this paper indicate that electronic transactions can remain both feasible and straightforward, while personal data remain only at the owner’s side. Research limitations/implications – This paper describes a Polis-approach implementing prototype, which is easy to deploy and friendly to current information management technologies. However, the usability of the prototype has to be enhanced with supporting tools for editing personal data and policies and a more intuitive user interface. Finally, the Polis-platform enables a new class of user-centered distributed applications, which it intends to investigate. Practical implications – Even though the conditions for a personal data management approach like Polis are mature, and Polis can be progressively adopted, it still entails a major change in current business practices. Originality/value – This paper proposes a new paradigm for the management of personal data, which admits individuals to have their personal data stored only at their own side. The new approach can be of mutual benefit to both individuals and companies.