Theses and Dissertations from DePaul University

Date of Award

Spring 2026

Degree Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

College

College of Computing and Digital Media

First Advisor

Alexander Rasin

Abstract

Data privacy requirements are a complex and rapidly evolving component of the data management landscape. Obligations regarding how long data must be retained, when it must be destroyed, and under what conditions it may be processed arise from numerous sources. Increasing attention to data privacy and protection has resulted in an expanding set of regulations, including government mandates such as the United States Health Insurance Portability and Accountability Act (HIPAA) and the European Union’s General Data Protection Regulation (GDPR).   Within a database, even a single value within a row may be subject to multiple, overlapping retention and destruction requirements. Rules may also dictate when customer data can be processed without explicit consent or when such consent is required. For example, organizations seeking to use customer information for marketing must either ensure anonymity or obtain the customer’s permission. These intersecting and sometimes conflicting policies create significant complexity. Current storage systems lack robust, built-in support for managing these compliance requirements, leaving organizations to create manual, ad hoc processes. Reliance on manual approaches increases the risk of non-compliance, posing threats to both data privacy and organizational integrity.     This dissertation contributes a benchmarking-based evaluation of technical mechanisms for enforcing data storage and usage requirements, as well as the design and implementation of an automated and comprehensive data management compliance framework for both relational and NoSQL (JSON-based) database systems. This research evaluates the trade-offs in deployment and use of compliance frameworks in relational databases. In addition, we investigate the true performance cost of access-control mechanisms within relational databases. This dissertation focuses on measuring the performance implications of compliance-enforcing frameworks as data moves through its life cycle—an aspect notably absent from traditional benchmarking methodologies. Our evaluation uses a Python-based implementation for PostgreSQL and MongoDB to validate and analyze the proposed automated compliance mechanisms while ensuring that regulatory requirements are consistently upheld. The methodology is informed by a review of the history of database and forensic benchmarking and by over 25 years of professional experience.

Creative Commons License

Creative Commons Attribution 4.0 International License
This work is licensed under a Creative Commons Attribution 4.0 International License.

Download

Available for download on Friday, May 21, 2027

Share

COinS