JP-7857036-B2 - Personal data distribution management system and method thereof

Inventors

  • 八木 康史

Assignees

  • 国立大学法人大阪大学

Dates

Publication Date
20260512
Application Date
20241016
Priority Date
20191031

Claims (4)

  1. A personal data distribution management system comprising at least one provider data management device, a data distribution management device, and a relay processing device, each connected to a network, wherein: the at least one provider data management device comprises a database that stores, as source data, an individual's personal data measured by a measuring instrument, the individual's name, and a primary pseudonym associated with that name, and a data management unit that manages the transmission of data to the data distribution management device and the relay processing device; the data distribution management device comprises a first storage unit that receives and stores a first data table, created by the data management unit, which pairs individual names with the pseudonyms assigned to those names and excludes the personal data items; the relay processing device comprises a second storage unit that stores, by updating or linking, a second data table, created by the data management unit, which pairs the individual's personal data with the pseudonym and excludes the individual's name; and the data distribution management device comprises a request reception unit that receives data usage requests from data user terminals via the network, and, when the request reception unit receives a data usage request, uses the second data table to select the personal data of the individual corresponding to the request, extracts from the first data table the pseudonym corresponding to the selected personal data to generate data for provision, and outputs that data to the data user terminal.
  2. A personal data distribution management method for a system comprising at least one provider data management device, a data distribution management device, and a relay processing device, each connected to a network, wherein the provider data management device stores in a database, as source data, an individual's personal data measured by a measuring instrument, the individual's name, and a primary pseudonym associated with that name, the method comprising: the data distribution management device receiving a first data table, created by the data management unit of the provider data management device, which pairs individual names with the pseudonyms assigned to those names and excludes the personal data items, and storing it in a first storage unit; the relay processing device storing in a second storage unit, by updating or linking, a second data table, created by the data management unit, which pairs the individual's personal data with the pseudonym and excludes the individual's name; and, when the data distribution management device receives a data usage request from a data user terminal via the network at its request reception unit, using the second data table to select the personal data of the individual corresponding to the request, extracting from the first data table the pseudonym corresponding to the selected personal data to generate data for provision, and outputting that data to the data user terminal.
  3. A personal data distribution management system comprising a plurality of provider data management devices, a data distribution management device, and a relay processing device, each connected to a network, wherein: each of the plurality of provider data management devices comprises a database that stores, as source data, an individual's personal data measured by a measuring instrument, the individual's name, and a primary pseudonym associated with that name, and a data management unit that manages the transmission of data to the data distribution management device and the relay processing device; the data distribution management device comprises a first storage unit that receives and stores each first data table, created by the data management unit of each provider data management device, which pairs individual names with the primary pseudonyms assigned to those names and excludes the personal data items; the relay processing device comprises a second storage unit that stores, by updating or linking, each second data table, created by the data management unit of each provider data management device, which pairs the individual's personal data with the primary pseudonym and excludes the individual's name; the data distribution management device comprises a name matching processing unit that unifies the individual names across the first data tables, creates a third data table that assigns a common secondary pseudonym to each unified individual name, and stores this table in the first storage unit; and the data distribution management device comprises a request reception unit that receives data usage requests from data user terminals via the network, and, when the request reception unit receives a data usage request, selects the personal data of the individual corresponding to the request using the second data tables, extracts from the third data table the secondary pseudonyms corresponding to the selected personal data to generate data for provision, and outputs that data to the data user terminal.
  4. The personal data distribution management system according to claim 3, wherein the name matching processing unit obtains the individual name and primary pseudonym from each of the provider data management devices, performs name matching by comparing the individual names together with their primary pseudonyms, and generates a unified secondary pseudonym from the primary pseudonyms.
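The claims describe a split-table design: the provider keeps the full record, the distribution device only ever holds (name, pseudonym) pairs, the relay only ever holds (pseudonym, data) pairs, and the data user receives data keyed by a pseudonym and never a name. Claims 3 and 4 extend this to several providers by unifying names and issuing one secondary pseudonym per individual. The following Python model is an added illustration written for this page, not code from the patent or from Osaka University; the HMAC-based pseudonym derivation, the whitespace-and-case name-matching rule, the device and method names, and all sample records and keys are constructed assumptions, since the patent does not specify how pseudonyms are generated or how names are compared.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed secrets for the example; the patent leaves pseudonym derivation unspecified.
PROVIDER_KEYS = {"clinic_a": b"constructed-provider-key-a", "gym_b": b"constructed-provider-key-b"}
DISTRIBUTION_KEY = b"constructed-distribution-key"


def keyed_pseudonym(key: bytes, label: str) -> str:
    """Deterministic keyed pseudonym (HMAC-SHA256, truncated). Assumed construction."""
    return hmac.new(key, label.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def normalize_name(name: str) -> str:
    """Hypothetical name-matching rule: collapse whitespace and fold case."""
    return " ".join(name.split()).casefold()


class ProviderDevice:
    """Provider data management device: keeps the full source record, emits two split tables."""

    def __init__(self, provider_id: str, records):
        self.provider_id = provider_id
        key = PROVIDER_KEYS[provider_id]
        # Source data: (name, measured personal data, primary pseudonym).
        self.source = [(n, d, keyed_pseudonym(key, normalize_name(n))) for n, d in records]

    def first_table(self):
        """(name, primary pseudonym): goes to the distribution device, no personal data."""
        return [(n, p) for n, _, p in self.source]

    def second_table(self):
        """(primary pseudonym, personal data): goes to the relay, no name."""
        return [(p, d) for _, d, p in self.source]


class RelayDevice:
    """Relay processing device: holds second tables only, so it never sees a name."""

    def __init__(self):
        self.tables = {}  # provider_id -> list of (primary pseudonym, data)

    def store(self, provider_id, table):
        self.tables[provider_id] = table  # update or link per provider

    def select(self, predicate):
        """Select personal data matching a request; the relay answers with pseudonyms only."""
        return [(pid, p, d) for pid, t in self.tables.items() for p, d in t if predicate(d)]


class DistributionDevice:
    """Data distribution management device: holds first tables and the matching (third) table."""

    def __init__(self, relay: RelayDevice):
        self.relay = relay
        self.first_tables = {}  # provider_id -> list of (name, primary pseudonym)
        self.third_table = {}   # (provider_id, primary pseudonym) -> secondary pseudonym

    def store(self, provider_id, table):
        self.first_tables[provider_id] = table

    def name_matching(self):
        """Claims 3 and 4: unify names across providers, one secondary pseudonym per individual."""
        groups = defaultdict(list)
        for pid, table in self.first_tables.items():
            for name, primary in table:
                groups[normalize_name(name)].append((pid, primary))
        for members in groups.values():
            # Secondary pseudonym derived from the group's primary pseudonyms (claim 4).
            secondary = keyed_pseudonym(DISTRIBUTION_KEY, "|".join(sorted(p for _, p in members)))
            for pid, primary in members:
                self.third_table[(pid, primary)] = secondary

    def handle_request(self, predicate):
        """Select via the second tables, attach the secondary pseudonym, never the name."""
        return [{"pseudonym": self.third_table[(pid, p)], "provider": pid, "data": d}
                for pid, p, d in self.relay.select(predicate)]


def run_demo():
    # Constructed sample records; the same person appears at both providers with differing spelling.
    providers = [
        ProviderDevice("clinic_a", [("Taro Yamada", {"systolic_bp": 142}), ("Hanako Sato", {"systolic_bp": 118})]),
        ProviderDevice("gym_b", [("taro  yamada", {"daily_steps": 9100}), ("Jiro Suzuki", {"daily_steps": 4200})]),
    ]
    relay = RelayDevice()
    dist = DistributionDevice(relay)
    for prov in providers:
        dist.store(prov.provider_id, prov.first_table())
        relay.store(prov.provider_id, prov.second_table())
    dist.name_matching()
    # A data user asks for elevated blood pressure or high step counts.
    return dist.handle_request(lambda d: d.get("systolic_bp", 0) >= 130 or d.get("daily_steps", 0) >= 8000)


if __name__ == "__main__":
    for row in run_demo():
        print(row)
```

Running the demo returns two rows, one from each provider, that share a single secondary pseudonym and carry no name; the two primary pseudonyms differ because each provider derives them under its own key, which is what keeps the relay from linking individuals across providers on its own.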

Description

This invention relates to personal data distribution management technology for managing the distribution of personal data collected from multiple individuals.

The key to achieving data-driven economic growth and social transformation lies in the effective use of big data. Among big data, personal data in particular is attracting significant attention. Using personal data is expected to benefit many people, for example by advancing medical care and promoting health. It is also anticipated that services personalized to the target individual can be developed from that individual's personal data, enabling more tailored and higher-quality services, and that highly effective marketing can be achieved through the use of personal data. On June 9, 2017, the Cabinet decided, in the "Future Investment Strategy 2017," to promote three specific measures to encourage data distribution and utilization across industries and sectors within Japan: (1) collaboration on and utilization of industrial data, (2) utilization of personal data, and (3) promotion of digital transformation in the private sector.

In Japan, mechanisms such as Personal Data Stores (PDS), information banks, and data trading markets have been proposed to ensure the proper utilization and protection of personal data and to strike a balance between the two. In 2019, the first examples of information banks and data trading markets began to emerge. PDS and information banks are mechanisms that encourage individual consent and the creation of big data from personal data, while data trading markets are positioned as important mechanisms for matching data in order to promote distribution and utilization.

Personal data is acquired by companies each time an individual uses their services, and is often managed and stored in the information systems operated by the company. However, there is a common social understanding that personal data inherently belongs to the individual, and that individuals should be able to accumulate and manage their own data and be aware of its existence. Accordingly, the flow of personal data is being explored in a direction that starts with the individual (data portability). PDS was conceived as a system that allows individuals to consolidate and manage the personal data they have provided to companies and to easily set usage conditions for each type of data. Under the Personal Information Protection Act and its guidelines, prior consent from the individual is essential when a company uses personal data, and PDS is a mechanism that systematically realizes this consent. PDS itself is a system for realizing consent and does not include a mechanism for data distribution. For companies, obtaining consent from each individual regarding the use of their personal data and then collecting it is costly.

An information bank is a mechanism in which individuals set the usage conditions for their own personal data in advance and then entrust some or all of their data to a business operator that runs the information bank. Through integration with PDS, the information bank can also act as an agent for the rights management that individuals perform using PDS and similar systems. The information bank can handle all aspects of third-party provision, from negotiating pricing to combining different data sets. In the European Union, the General Data Protection Regulation (GDPR), a set of rules concerning the processing and transfer of personal data, was established in April 2016. The GDPR, which is setting a global trend, requires renewed consent when data is provided to a third party. However, since the purposes of use and all users of the data are entrusted to the information bank, the consent an information bank obtains can only be considered blanket consent. In the global context, renewed consent when providing data to a third party is essential. Furthermore, the handling by information banks of "health and medical data" and "financial data" (credit card numbers, bank account numbers), which are classified as sensitive information under the revised Personal Information Protection Act, is not covered by the "Guidelines for Certification of Information Trust Functions ver. 1.0" and is still under consideration, as evidenced by the public comment period in June 2019.

A "data trading marketplace" is a mechanism for buying and selling data that matches the supply and demand of individuals who directly manage their personal data on their own PDS, information banks that manage data on behalf of individuals, and companies (and platforms that are collections of multiple companies) that need to collect personal data in order to make effective use of their own industrial data. The functions of this marketplace are expected to include price formation and presentation, detailed transaction conditions, standardization of transaction targets, and credit guarantees for transactions. In the distribution of personal data, it is