Chapter 7. Data Revelation

Overview

Access controls provide a critical base for a robust privacy architecture by grounding the concept of a right-to-know (that is, authorized access to) information. But the qualified use of sensitive data must often rise to higher standards. Such standards often entail a careful balancing of contextually determined requirements and limitations that reflect a user’s need-to-know.

Selective, purpose-driven, and scope-driven revelation techniques (collectively referred to as “data revelation” throughout the chapter) provide a toolbox of practical measures for limiting retrieval and use of data in accordance with discrete, well-defined use cases and operational needs. These practices can provide clear conditions to justify refining and focusing the scope of information exposure and processing even more tightly than the controls established by access privileges alone. Minimizing data exposure in this way can mitigate the risks (both perceived and actual) of privacy harms from over-broad disclosure and unwarranted repurposing of data. These techniques constitute an integral part of a privacy-protective systems architecture.
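As an added illustration (not code from the book), the following Python sketch layers a purpose- and scope-bound revelation step on top of a coarse table-level access check, so that a principal who holds the right-to-know still receives only the fields and rows a declared purpose justifies. The records, principals, purposes and policies are all constructed for the example.

```python
"""Purpose- and scope-bound data revelation layered on top of access control.

Added illustration; the records, principals and policies are constructed
for this example and are not drawn from any real system.
"""

# Constructed sample records: an analyst is *authorized* to read this table.
RECORDS = [
    {"id": 1, "name": "A. Doe", "ssn": "123-45-6789", "dob": "1984-03-02",
     "region": "east", "diagnosis": "flu"},
    {"id": 2, "name": "B. Roe", "ssn": "987-65-4321", "dob": "1991-11-20",
     "region": "west", "diagnosis": "asthma"},
]

# Coarse access control (right-to-know): who may read the table at all.
TABLE_READERS = {"analyst", "clinician"}

# Purpose policies (need-to-know): the fields a stated purpose justifies and
# how each is transformed before release (None = reveal unchanged). Note that
# neither purpose reveals "ssn" even though the table as a whole is readable.
PURPOSE_POLICIES = {
    "population_stats": {"dob": lambda v: v[:4], "region": None, "diagnosis": None},
    "treatment": {"id": None, "name": None, "dob": None, "diagnosis": None},
}


def reveal(principal, purpose, scope, records=RECORDS):
    """Return the minimal view of `records` that `purpose` and `scope` justify.

    `scope` is a predicate over a record selecting only the rows the task
    needs. Raises PermissionError when table access is missing or the purpose
    is not one the policy recognises.
    """
    if principal not in TABLE_READERS:
        raise PermissionError(f"{principal} has no access to the table")
    policy = PURPOSE_POLICIES.get(purpose)
    if policy is None:
        raise PermissionError(f"unrecognised purpose: {purpose}")
    view = []
    for rec in records:
        if not scope(rec):
            continue  # row lies outside the declared need-to-know
        view.append({f: (t(rec[f]) if t else rec[f]) for f, t in policy.items()})
    return view
```

The same principal can be handed very different views of the same table depending on the purpose stated, which is the distinction between access privileges and data revelation the chapter draws.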

The Case for Data Revelation

In the era of ubiquitous data collection, plummeting capture and storage costs, and immense potential to create emergent privacy harms through the intermingling of disparate data sources, there is an ever-increasing need to address privacy risks at the level of information processing and data exposure. Access controls go a long way ...
