Abstract

When valuable data is exchanged or bought, it is frequently encumbered by restrictions on how it may be used. For example, clinical data must not be used in such a way as to expose the patients’ identities. To date, these restrictions are enforced only contractually and compliance is checked only manually, if at all. To meet the needs of this growing set of applications, we present the vision for a Data Use Manager (DUM). The DUM is a component of a database system that enables the declarative specification and enforcement of sophisticated data use policies and provides capabilities for both their online enforcement and offline audit.