Protecting Privacy by Using Data Labels

Archived Published: 16 June 2011 ID: G00212150


Not a Gartner Client?

Want more research like this?
Learn the benefits of becoming a Gartner client.

contact us online


Data handlers rely on contextual information about the data they are handling to make decisions. Today, that information is implicit and tribal in nature. When data moves from one system, department, organization, or country to another, it moves from one context to another. And in moving from one context to another, data leaves behind its handling rules, expectations, norms, and agreements unless something makes all of these things explicit and bundles them with the data before it moves. Better data-handling decisions can be made by labeling data with this contextual information; this is the goal of what Gartner calls relationship context metadata (RCM).

Table of Contents

  • Summary of Findings
  • Analysis
    • Introducing Relationship Context Metadata
    • Traditional Means of Controlling Access
    • Providing Context Through Labels
    • Goals
      • Make Implicit Context Explicit
      • Inform the Social Layer
      • Chain of Accountability
      • Do Not Pollute the Data
      • Structured and Semi-Structured Applications
    • Constraints
    • Design Anti-Patterns
      • Wright's Catastrophe
      • RFID License Plates
    • Relationship Context Metadata
      • Metadata
      • String of Beads
      • What RCM Could Include
    • Proposed Rules of Data Handling
      • Treat Information Without RCM as Suspect
      • Tampering with Any Bead on a String of RCM Is an Act of Fraud
      • If the Beads on a String of RCM Cannot Show that the Data Originated from an Identified Party, the Current Holder of the Data Is Accountable for Everything that Happens to the Data
    • Challenges to Using RCM
      • Infrastructure's Inability to Handle Metadata
      • Problems of Composition
      • Common Languages
      • Dangers of Re-Identification
      • Training Users
      • Lack of Enforcement Mechanisms
    • Humble Goals to Avoid Continued Headaches
    • Strengths
      • Informs the Social Layer
      • Assigns Accountability
      • Doesn't Pollute the Data
    • Weaknesses
      • Insufficient Current Metadata Infrastructure Capabilities
      • Insufficient Current Metadata-Handling Processes
      • Imposes a New Burden on Users
  • Recommendations
    • Don't Try to Solve Privacy Problems with Authorization Schemes
    • Start Labeling Data
  • The Details
    • A Proposed RCM Schema
      • Schema Overview
      • RCM Attributes
      • Parties
      • Actions to Take
      • Agreements, Relationships, Consents, and Obligations
      • Descriptions
      • Flags
      • Tamper Detection
      • Technical Controls Expressions
      • RCM XSD
    • Use Cases
      • Data Transfer Use Cases
      • Event Use Cases
  • Recommended Reading
  • Notes
© 2011 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartners research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.

Free Research

Discover what 12,000 CIOs and Senior IT leaders already know.

Free Access

Why Gartner

Gartner delivers the technology-related insight you need to make the right decisions, every day.

Find out more

Call +1 800 213 4848 or contact us

to become a Gartner client.