Privacy is today an important concern for both data
providers and data users. Data generalization can provide signicant protection of an individual's privacy, which means the data value can be replaced by a less specic but semantically consistent value and the personal information can be collected in a generalized form. However, over-generalized data may render data of little value. A key question is whether or not a certain generalization strategy provides a sufficient level of privacy and usability?
In this paper, we introduce a new approach, called
privacy-aware generalization boundaries, which can
satisfy the requirements of both data providers and
data users. We propose a privacy-aware access control model related to a retention period. Formal definitions of authorization actions and rules are presented. Further, we discuss how to manage a valid access process and analysis the access control policy. Finally, we extend our model to support highly complex privacy-related policies by taking into account features of obligations and conditions
