Date of Award
Spring 5-24-2024
Degree Type
Dissertation
Degree Name
Doctor of Philosophy (PhD)
School
School of Computing
First Advisor
Alexander Rasin, PhD
Second Advisor
Boris Glavic, PhD
Third Advisor
Tanu Malik, PhD
Fourth Advisor
Karen Heart, JD
Abstract
Data privacy requirements are a complex and quickly evolving part of the data management domain. How long data must be retained, when data must be destroyed, and under what conditions data is processed are subject to rules from a variety of sources. The focus on data privacy and protection has produced rules from sources that include government requirements (e.g., the United States Health Insurance Portability and Accountability Act and the European Union's General Data Protection Regulation).
Within a database, a single value within a row can be subject to multiple requirements on how long it must be preserved and when it must be irrecoverably destroyed due to an overlap between different rules. Additionally, rules may place restrictions on when customer data can be processed without the customer's consent or when consent must be obtained. For example, if an organization were to process data for marketing, either customer anonymity must be preserved, or consent must be obtained to use customer personal information. This often results in a complex set of overlapping and potentially conflicting policies. Existing storage systems lack sufficient support for these critical and evolving rules, making compliance an underdeveloped aspect of data management. As a result, many organizations must implement manual ad-hoc solutions to ensure compliance. As long as organizations depend on manual approaches, there is an increased risk of non-compliance, resulting in a threat to customer data privacy.
This dissertation's contribution is a technical solution for complying with these data storage and usage rules by detailing and implementing an automated comprehensive data management compliance framework within relational and NoSQL JSON database management systems. A legal evaluation and analysis of these government rules is beyond the scope of this research. Specifically, we implement and evaluate a compliance framework using a Python implementation in Postgres and MongoDB to validate and analyze the proposed automated functionalities, while confirming compliance is maintained.
Recommended Citation
Scope, Nick, "Databases and privacy compliance" (2024). College of Computing and Digital Media Dissertations. 56.
https://via.library.depaul.edu/cdm_etd/56