One of the most important aspects of security organization is to establish a
framework to identify security significant points where policies and procedures
are declared. The (information) security infrastructure comprises entities,
processes, and technology. All are participants in handling information, which
is the item that needs to be protected. Privacy and security information
technology is a critical and unmet need in the management of personal
information. This paper proposes concepts and technologies for management of
personal information. Two different types of information can be distinguished:
personal information and nonpersonal information. Personal information can be
either personal identifiable information (PII), or nonidentifiable information
(NII). Security, policy, and technical requirements can be based on this
distinction. At the conceptual level, PII is defined and formalized by
propositions over infons (discrete pieces of information) that specify
transformations in PII and NII. PII is categorized into simple infons that
reflect the proprietor s aspects, relationships with objects, and relationships
with other proprietors. The proprietor is the identified person about whom the
information is communicated. The paper proposes a database organization that
focuses on the PII spheres of proprietors. At the design level, the paper
describes databases of personal identifiable information built exclusively for
this type of information, with their own conceptual scheme, system management,
and physical structure.