US20040148290A1 - Method, system and program product for private data access or use based on related public data - Google Patents

Abstract

Records in a public data set are related by a logical link to records in a private data set. The public data set may be generally read whereas the private table has restricted access. Authorization to view private data records is provided by keys or coded Web URLs. In one embodiment, an application accesses the data on behalf of the viewer and undertakes the use requested of the data without revealing the contents of the record to the viewer.

Description

CROSS-REFERENCE TO RELATED APPLICATION
• The invention disclosed in this application is a divisional of application Ser. No. 10/390,956 “SENDING ADVERTISEMENTS TO CUSTOMERS IDENTIFIED BY A NON-VIEWABLE DATABASE” filed Mar. 18, 2003 which is a divisional of application Ser. No. 09/563,639 filed May 2, 2000 now abandoned. The disclosure of the forgoing application is incorporated herein by reference.[0001]
TECHNICAL FIELD
• The present invention in relates in general to the field of data processing, and in particular to a method, system and program product for allowing the viewer of a public data set to access related records in a private data set based upon a link which may be selectively provided to the viewer to authorize such access. Access, in alternative embodiments of the invention, may entail the ability to generally read entries in the private data set, or access may be provided in such a manner that the viewer may use the data only in strictly defined ways which may preclude discerning any specific entries in the private data set for a given public record. Specific applications may include the creation of a customized access restricted Web site based upon the private data or a targeted customized marketing deliverable such as advertising via e-mail or conventional mail based thereupon.[0002]
BACKGROUND OF THE INVENTION
• The incredible growth of the Internet has provided ready access to a wealth of information. The World Wide Web is an ever-expanding repository of information spanning any and all conceivable topics limited only by the imagination of the information content provider. The overwhelming benefits attendant to this ubiquity, however, are counterbalanced to some extent by the inevitable loss of privacy associated with accessing a global computer network.[0003]
• As the Internet evolves into the dominant commercial medium, merchants seeking to leverage data about Internet user's to better focus their marketing efforts must do so in a manner that respects the privacy interests of their intended customer. Such interests have been the focal point of messages from leaders in government and in the high technology industry. The common theme being that in order to assure the unimpeded commercial growth of the Internet, it is vital that the protection of individual privacy interests is accorded paramount importance. In fact, many leading technology companies refuse do business on-line with firms that do not have a satisfactorily articulated policy on privacy concerns. Industry-backed organizations such as Trust-E help businesses and consumers ensure that they are dealing with companies that have placed the proper importance on on-line privacy rights. Moreover, recent public outcries over intrusive Internet advertising practices are cautionary tales for overzealous Internet marketers.[0004]
• From the foregoing it can be seen that solutions which provide a means for merchants to make use of customer data while still protecting the privacy interests of individual user's engender considerable interest from the participants in the Internet economy. Owing to the heterogeneous nature of the machines and devices connected to the Internet, simplicity in implementation is a necessary ingredient if any such solution is to be viable. Moreover, the solution should provide the requisite flexibility to allow an Internet user to proactively indicate their desire to selectively provide their private data to selected merchants while their public data (i.e., data which does not reasonably compromise the privacy concerns of the user) is provided to the general audience of merchants on the Internet. Another desirable feature of such a system would be the ability to enable a merchant to target an unidentified consumer via access to such public data, and to provide a “blind” access to private data enabling the merchant to perform target marketing to the unknown consumer based upon public data and the “blind” private data access. Finally, the system should provide access to the private database for performing data mining operations or other types of analysis which do not expose the individual records therein and accordingly raise no privacy concerns. At the present such a system does not exist, and its absence has created a difficult commercial landscape for on-line merchants.[0005]
SUMMARY OF THE INVENTION
• The foregoing shortcomings of the prior art are overcome and further advantageous features are provided by the present invention wherein is taught a method, system and program product for enabling a requester with read access to public data to read and/or make use of related private data.[0006]
• In an embodiment of the invention, data entered by a consumer into a Web form is separated into related records in a public and private data set. The public records would be available without restriction for read access by a population of merchants. The private records would be available only per the indication of the consumer to the merchant in the population. The records may, in an embodiment, be logically linked by the inclusion of a common key value into each of these records to indicate, for example, that these records emanated from a common source.[0007]
• Upon entering the data the consumer may be prompted to indicate whether they wish to provide merchants with access to their private data. This may, in a preferred embodiment, take the form of a box on the Web form which may be checked to indicate that the consumer wishes to be contacted. The consumer may be offered and opportunity to choose among the population of merchant the select merchant to whom they wish their private data to be provided.[0008]
• Once selected, in accordance with an embodiment of the invention, the merchants may be provided with a pass code, which may in a preferred implementation, be the key value linking the public and private data records in their respective data sets. With the pass code the merchants are provided with the ability to view the particular consumers private data record in the private data set.[0009]
• In another embodiment of the invention upon designation by the consumer, the various logically linked records in public and private tables for that consumer may be collected and assembled into an output Web page. The Web page is provided at a uniform resource locator (URL) which has been coded with the common key value linking the related records or with another pass code. The merchant for whom access has been indicated is provided either via e-mail or otherwise, with a hyperlink to the coded URL thereby enabling the selected merchant to access both the public and private data.[0010]
• In yet another set of embodiments, read access is not provided to the private data record, however, an application with access to the private data allows the merchant to make use of the data without being able to read the data. In this manner the consumer need not decide whether or not to allow some or all of the merchants to view their private data, however all of the merchants are given the advantage of the ability to use the private data without compromising the privacy of the consumer.[0011]
• In an exemplary embodiment the merchants are afforded unrestricted read access to the data records in the public data set and are provided with the ability to data mine or statistically process the whole of the private data set while being restricted from reading any of the individual data records therein.[0012]
• In another embodiment the merchants are provided with read access to the data records in the public data set, and based on such read access may make a request of an application which has access to the related private data records in the private data sets. The application permits the merchants to use data in the related private records to target, customize and transmit marketing materials to the consumer audience based on their public data and using but not revealing their private data. In this manner the consumer population is benefited by a system which respects their privacy interests and the merchant population is permitted to make use of the large and growing pool of data available about their potential customers.[0013]
BRIEF DESCRIPTION OF THE DRAWINGS
• The subject matter which is regarded as the invention is particularly pointed out and distinctly claimed in the claims at the conclusion of the specification. The foregoing and other objects, features, and advantages of the invention are apparent from the following detailed description taken in conjunction with the accompanying drawings in which:[0014]
• FIG. 1 illustrates a set of data elements parsed into private and public data sets;[0015]
• FIG. 2 depicts the separation of public and private data into their respective data sets and a consumer designated access for specified members of the viewing population to the private data set;[0016]
• FIG. 3 illustrates an alternative embodiment wherein the combined public and private data is provided to a merchant in the form of a customized Web page using a specific key inserted into the uniform resource locator (URL) for the Web page;[0017]
• FIG.[0018]4 illustrates a flow diagram detailing the steps involved in practicing the embodiments of the inventions described via reference to FIG. 2 and FIG. 3;
• FIG. 5 depicts an embodiment wherein unrestricted access is permitted to a public data set and wherein access is denied to individual records and of a private data set, but wherein access to statistical information regarding the records in the private data set is permitted;[0019]
• FIG. 6 illustrates an embodiment of the invention wherein an application with access to the private data set allows a merchant to have blind access to the private data wherein the data may be used, but not read, by the merchant;[0020]
• FIG. 7 depicts an example of marketing material that is constructed to be tailored by insertion of public and private data and customized by the values in the private data set and transmitted to a consumer at an e-mail address from the private data set; and[0021]
• FIG. 8 presents a flow diagram illustrating the steps involved in implementing the system of FIGS. 6 and 7.[0022]
BEST MODE FOR CARRYING OUT THE INVENTION
• Fundamental to the implementation of the present invention is the notion that a set of data may be parsed into private and non-private elements. At the most simplistic level this might entail, for example, identifying input fields on a Web page as requiring sensitive data input such as an address, credit card or social security number, versus non-sensitive information such as the name of the item being purchased, the date, time etc.. At a more sophisticated level this notion might entail the combination of otherwise non-sensitive data elements into a combined sensitive data construct. For example, information such as the state and town in which a person resides may be itself be deemed not sensitive but when combined with the person's occupation and alma mater, it may become a simple task to narrow the field down to a single person, and as such the combination of that data may be deemed sensitive. For purposes of the present invention the mechanics by which the various data elements are parsed into sensitive and public data sets is not critical, however the notion that such separation, at various levels of sophistication and granularity can, and does occur, is essential to the practice of the invention.[0023]
• FIG. 1 illustrates such a distribution of data which may emanate from a customer input source such as common gateway interface (CGI) fields on a[0024]Web page100 into public101 and private102 data sets. It is of course understood that the source of such data may come from any number of sources, including without limitation, surveys, transactional data, etc. and is not limited to customer interactions over the World Wide Web. As previously noted, such separation of data elements may be accomplished using known techniques to any desired level of granularity, resulting potentially in multiple public and private data sets and in the combination of individuallypublic data sets103,104 into a combinedprivate data set105. The public101 and private102 data sets are, in a preferred embodiment, relational databases such as DB2 (DB2 is a registered trademark of IBM Corporation).
• As a result of the distribution of data elements among various public and private data sets, it is desirable to establish a level of control over access to the public and private data stored therein. For purposes of the present invention it will suffice to assume that a public data set is available, without restriction, to the entire population of Internet users, or, as will more likely be the case, to a select subset of[0025]merchants107 who subscribe to a marketing service that accumulates such data. With the public data elements, however, as opposed to data elements in the private data sets, there are no discrete access restrictions in place which would prevent a general member of the potential population from viewing the data from undertaking such access. The present invention is directed toward providing the level ofcontrol108 required in keeping the public and private data separate, and allowing access to the private data either at the explicit direction of the consumer109 (the individual that is the subject of the public and private data) or in such a manner as to protect the privacy concerns of the consumer.
• In a first embodiment of the invention, illustrated in FIG. 2, a[0026]consumer201, upon entering information to aWeb page202, is given an option203 to designate that they wish to be contacted regarding the particular Web transaction. As an example we will assume that the Web page is in the form of a questionnaire soliciting information regarding the make up of the information technology infrastructure of the consumer's business. As illustrated in FIG. 2 the consumer is asked to enterinformation204 regarding the hardware platforms and software systems he/she is running as well as storage solutions and communication technologies comprising the consumers business. The particular responses to theses technical queries, for purposes of this example, we will designate as being public data. That is to say, the particular hardware, software and storage solution responses made by the consumer will be stored as asingle record213 in apublic data set205. The public data set does not impose any access restrictions to itsviewing audience206. Other items of information, such as the name, location, phone, e-mail, revenue, number of employees, may for our purposes, be designated as asingle record214 ofprivate data elements207 and as such will be stored separately in aprivate data set208 which imposes certain restrictions on access by theviewing audience206.
• The[0027]single record213 in thepublic data set205 is related logically215 to thesingle record214 in theprivate data set206. The link authorizing a viewer of a record in thepublic data set205 to related data in theprivate data set206 makes use of this logical relation between the records stored in the table to ensure that the public data and private data for which access is provided correlate to one another. In a preferred embodiment the logical link between a record in the public and the private data sets is a randomly generatednumeric key215, in a manner known to those skilled in the art of a random design.
• If the[0028]consumer201 designates a desire to be contacted203, the consumer's contact information, which may for example include any or all of the following: name, address, phone, and e-mail, has been stored in theprivate data set208, and linked by the logically relatedrecords213,214 will become accessible to those members of theviewing audience206 designated by the consumer as a potentially desired marketing contact210. In an embodiment, the consumer may be presented with amenu211 of potential solution providers, which may be segmented based upon the types of solutions which the customer is interested in learning more about. As such, the customer may be provided with a list of, for example, hardware only or hardware and software vendors. This level of control allows the customer to selectively provide his/her contact information to a subset of theviewing audience206 with whom the customer wishes to interact, without opening up the otherwise private data to theentire viewing audience206 for uncontrolled public access.
• Once the[0029]consumer201 has selected the set of merchants with whom contact is desired, a number of mechanisms may be employed to provide access to the designated merchants. In a preferred embodiment, the merchants may be provided with a the value of the key XXXXXX identifying therecords213,214 with which access to the designated contact information may be enabled. It is useful to note that the present invention contemplates that provision of access to the data elements in the private data set may be made on an element-by-element basis, that is to say, that the merchant may be provided with access to certain select pieces of private data within thesingle data record214, such as the contact information (name, address, phone number, e-mail) but not to other sensitive data such as revenue, credit card etc..
• In another embodiment, depicted in FIG. 3, the combined information including the contact information from the private data set and the technical data from the public data set may be provided to the merchant by way of a customized Web page using a uniform resource locator (URL) that includes the command required for accessing the restricted data set.[0030]
• Turning to FIG. 3 it is seen that a web form may generate a number of data sets[0031]301a-dincluding demographics301a,server data301b,user data301c,andcost data301d.Any of these data sets may be designated as including private data, and the remaining data sets include public data. Each time a new customer enters web form data, a record is created in the respective DB2 tables302a-dassociated with the segmented data301a-d.It may be further observed that related records stored in tables302a-dare assigned a common value in the “key” field. In the illustration, for example, it can be seen that thekey value 123456789876 is assigned to the records for John Doe. Table302aholds demographic information including John Doe's name, address etc.. Table302bindicates the number of each type of server John Doe has in his enterprise (50 Server A, 35 Server B, . . . ), and is linked to related records in other tables by the inclusion of thekey value 123456789876 in the key field. Likewise, table302cincludes a record indicating the number of users for each server type indicated in table302band linked by thekey value 123456789876 to the records in tables302a, bandd.Finally, table302dincludes information regarding the cost of each of the server types for John Doe, linked to the related records in the other tables302a-cby the inclusion of thekey value 123456789876.
• The related records in these tables may be aggregated through a[0032]tool303 which, in response to a designation by the consumer who has entered the data (John Doe in our example) will aggregate the related records in the various tables302a-dinto anoutput web page304 which will present an analysis of the data that will entice the customer to request that he be contacted by a merchant. The consumers information will be made accessible to a merchant with whom the designated contact is designated, for example, by way of ane-mail305 provided to the merchant and including a hyperlink to the key-coded URL. Via the key-coded URL the merchant may access thequery page306 including the combined related records for John Doe joined by the logical relationship of thekey value 123456789876. In a preferred embodiment the Web access to this combined table data may be accomplished by use of the IBM Net.Data software product.
• Regardless of whether the implementation illustrated in FIG. 2 or FIG. 3 is undertaken, once the merchant has access to the[0033]private data208 through this process, the merchant may use that data to market their solutions to theconsumer201. Since access to this private data was initiated by actions taken by theconsumer201, the subsequent contacts from the merchants will be anticipated by the consumer and will not be considered by the consumer as encroaching on his/her privacy interests.
• A flow diagram[0034]400 provided in FIG. 4 illustrates the steps undertaken in practicing the foregoing embodiments. In step401 a consumer enters data into a web form. Instep402 the entered data is separated and inserted as data records in public and private data sets which records are linked by a common key value assigned thereto and which may be stored in the tables as part of the record. Atdecision point403 it is determined whether the consumer has indicated (via an entry on the web form or otherwise) a desire to be contacted by a merchant (or for that matter more specifically a willingness to permit a view of their private data). If the consumer has indicated a desire to have their private data remain private, the “no” path is traversed an the process is ended404. Alternatively, if the consumer indicates that their data may be accesses the “yes” path is traversed and the process continues either in accordance with the embodiment described in FIG. 2 (steps405-406) or FIG. 3 (steps407-410).
• The remaining steps in accordance with the embodiment for FIG. 2 are as follows: The consumer may optionally select[0035]405 particular merchants from the population of merchants with access to thepublic data set205. Of course, the consumer may merely indicate that they wish their data to be accessible or restricted on a global basis as well. The selected merchants are provided with a key which enables them to access theprivate information406. Optionally, the key may be the logical link between the data in the public and private data sets. The process is then ended411.
• The remaining steps in accordance with the embodiment in FIG. 3 are similar: Once again the consumer may optionally select among the population of merchants with access to the public data, certain merchants to whom they wish to grant[0036]private data access407 or access may be granted globally. Next instep408 the various tables of data302a-dwhich may contain private or public information are aggregated into a query result web page having a URL which is coded with an identifier which in a preferred embodiment is thekey value 123456789876 used to logically relate the records in the various tables302a-d.Instep409 those vendors for whom access has been indicated by the consumer instep407 are provided with an e-mail including a hyperlink to the key-coded URL through which the merchant may access410 the results of the combined consumer data. The process is then ended411.
• As will be appreciated, the foregoing embodiments possesses numerous advantageous features. The separation of data into public and private data sets creates a volume of public data which is generally usable by the viewing public[0037]206. This data has value by itself for marketing purposes, as it can be used for data mining to spot trends, in IT purchasing etc. Moreover, the selective access203 to theprivate data set208 provides a merchant with consumer-controlled access to private data which prevents massive unintended access while allowing those selected merchants to benefit from access to the data.
• While the previously described embodiment of the invention does address certain privacy concerns it also severely limits the use of the data designated as private. In particular, since the prior implementations enable the selected merchants to view the consumer's private data, it is to be expected that the set of selected merchants would be relatively small. Accordingly, the implementation does not equally benefit the entire community of merchants.[0038]
• Further alternative embodiments of the invention provide a mechanism wherein the entire viewing audience of the public data may benefit from access to the private data without exposing the private information to the viewing audience. This type of access would not have as a prerequisite an explicit authorization for the merchant access by the customer. In this model such authorization is not needed since the access itself will entail constraints preventing the merchant from perceiving the data elements in the[0039]private data set208. That is, in general, this type of access would entail a restricted form of access to the private data set which would allow any merchant to use the information stored therein without enabling the merchant to perceive any individual data entries.
• A very simplistic alternative embodiment that addresses such concerns is illustrated in FIG. 5. In FIG. 5 the a[0040]viewer501 of thepublic data set502 is granted a restricted access to theprivate data set503 wherein the ability to read the contents ofindividual data records404 is inhibited505, however the ability to statistically evaluate or data mine the entire private data set is enabled506. In this manner, a viewer of thepublic data set502 may benefit from the access to theprivate data set503 without revealing any of the discrete private data elements stored within thedata records504 therein.
• Another interesting embodiment that permits limited access to the data entries in the private data set while preventing the merchant from reading the individual data entries therein is described via reference to FIG. 6. A[0041]viewer601 of apublic data set602 can identifyvarious records603 as belonging to the same consumer by virtue of anidentifier field604, which includes a unique value for each consumer, but which in no way reveals the identity of the consumer. For example,public records1,3 and4 all show the consumer ID as 21123. This indicates that the same consumer is associated with these public data records, however it does not reveal any of the consumer's private data entries which are retained indata records605 stored in theprivate data set606. For purposes of consistency we shall refer to this consumer ID as identifying but not revealing the consumer. Revealing the consumer, according to the invention, would entail providing read access to thedata records605 for that consumer in theprivate data set606 to themerchant601. The premise of the present embodiment is to use theidentifier604 to permit a merchant to make use of theprivate data entries605 for the consumer without providing the merchant with the ability to read those entries, we shall refer to this as “blind access” to the private data, hence the merchant secures the benefits of accessing the private data for the consumer without revealing the consumer to the merchant.
• Upon analyzing the public data set[0042]602 amerchant601 may locate a particular piece or pieces of data regarding aconsumer21123 which incent the merchant to want to have blind access to the private data. For example, by analyzing the entries in thepublic data set602, amerchant601 selling tennis lessons may notice that aparticular consumer21123 has recently purchased a new tennis racquet (record1), tennis balls (record3) and tennis shorts (record4). Based on the foregoing records themerchant601 may determine thatconsumer21123 is an ideal candidate for his tennis lessons. In our example, we will assume that themerchant601 has a marketing deliverable which he would like to automatically customize and e-mail toconsumer21123, assuming that the consumer resides within the same state as at least one of one the merchant's various tennis centers (NY, NJ or CT.).
• A[0043]separate application607 with access to theprivate data set606 serves as an interface for messages generated by themerchants601 which may include certain data elements from thepublic data set602. Theapplication607 enables the so-called blind access to the data in theprivate data set606.
• In our example the merchant would send a soft copy document such as the one illustrated in FIG. 7. The[0044]document700 would include variables701 representing the data elements to be inserted from theprivate data set606 and may be pre-populated withdata602 from the related records (records1,3 and4 belonging to identifier21123)public data set602.
• In a preferred embodiment the[0045]merchant601 may impose acondition608 on the execution ofapplication607 so as to limit the execution of the application to those private data records which satisfy the condition. In our example themerchant601 has forwarded thedocument700 to theapplication607, and has instructed that thename609 of the owner of the record having theidentifier21123 be inserted into the document, as well as hisaddress610, and that the document be forwarded to the owner'se-mail address611, however, the merchant only desires that such actions be performed where the owner's state of residence (610a) is equal to NY, NJ or CT, the states in which his tennis centers are located. Moreover, certain portions of thedocument700 may be conditioned on the values of the data in the private table606. For example, in the greeting the selection between the title Mr. or Ms. May be conditioned on the value of thegender field612 for therecord21123.
• If the conditions are met, the[0046]data609,610 from theprivate data set606 is inserted into the designated positions in document600 and the document is forwarded by theapplication607 to the owner'se-mail address611. It is important to note at this point that at no time throughout this process has themerchant601 had the ability to read any of the data in theprivate data set606. Notwithstanding this restriction however, themerchant601 was able to identify, via access to purchase data in apublic data set602, public purchase records belonging to aconsumer21123 who, based on these purchases, may be interested in receiving targetedmarketing700 from themerchant601. With nothing more than this public data, the merchant is permitted to create a a targetedmarketing document700 utilizingpublic data602 and through the use of an application507, is provided with the means to have appropriateprivate data609,610 inserted into the document to further refine the marketing material to the consumer without being given the ability to read the private data. Furthermore, the insertion of the private data and subsequent transmission of the document to theconsumer21123 may be conditioned on the satisfaction of conditions based on the private data which are imposed by the merchant and evaluated by the application. Accordingly, the merchant may create a targeted marketing deliverable tailored specifically to an individual consumer and send it to that individual consumer using but not ever seeing the consumer's private data. This satisfies the merchant's desire to make use of the consumers purchasing data to better focus his marketing, while respecting the privacy interests of the consumer.
• The flow diagram[0047]800 in FIG. 8 illustrates the steps undertaken in performing the embodiment of the invention as described in FIGS. 6 and 7. Starting atstep801 data from a consumer is parsed into related records in public and private tables. Next, instep802 the merchant examines public data to identify records whose owner has interests aligned with the merchant's offerings. Next, instep803 the merchant may utilize the data from the public table to tailor a marketing deliverable to the owner of the identified record in the public table fromstep802. Instep804 the merchant makes a request of an application which has access to the data in the private table to access the private table, and specifically the record in the private table related to the identified public record fromstep802, here the merchant may optionally impose conditions on the accessing of the private table by the application. If the merchant imposes conditions they are analyzed atdecision point805 if they are not met the process is ended806, if they are met the application is instructed to use the private table data for the related record to complete the marketing material, and to send the material to the owner of the identified public and private data records807. Finally, the process is ended atstep808.
• It is understood that while the foregoing embodiment has been directed at the creation and transmitting of marketing materials other implementation which make use of the related records between a public and private table and an application which enables “blind access” to allow an entity to make use of the private records without revealing such private data to the entity would be considered to fall within the scope of the present invention. Moreover, while the foregoing invention has been described by reference to several preferred embodiments it is to be understood that various alterations, improvements and modifications may be made by those skilled in the art without departing from the spirit of the invention. These are considered to be within the scope of the present invention as defined by the following claims.[0048]
• The present invention can be included in an article of manufacture (e.g., one or more computer program products) having, for instance, computer usable media. The media has embodied therein, for instance, computer readable program code means for providing and facilitating the capabilities of the present invention. The article of manufacture can be included as a part of a computer system or sold separately.[0049]
• Additionally, at least one program storage device readable by a machine, tangibly embodying at least one program of instructions executable by the machine to perform the capabilities of the present invention can be provided.[0050]
• The flow diagrams depicted herein are just examples. There may be many variations to these diagrams or the steps (or operations) described therein without departing from the spirit of the invention. For instance, the steps may be performed in a differing order, or steps may be added, deleted or modified. All of these variations are considered a part of the claimed invention.[0051]
• Although preferred embodiments have been depicted and described in detail herein, it will be apparent to those skilled in the relevant art that various modifications, additions, substitutions and the like can be made without departing from the spirit of the invention and these are therefore considered to be within the scope of the invention as defined in the following claims:[0052]

Claims (45)

What is claimed is:

1. A method for accessing data records in a private data set having restricted access, the records in the private data set being accessible only by authorized users, the method comprising the steps of:

separating a data record into a public data record stored in a public data set and a private data record stored in a private data set;

creating a logical link logically relating the public data record with the private data record;

receiving a request from a user to perform a predefined operation, the request comprising information from the public data record, the user not authorized to access the private data set;

finding the private data record using the information from the public data record received from the user in combination with the logical link; and

performing the predefined operation using the private data record.

2. The method according toclaim 1 wherein the logical link comprises a key value stored in the public data record and the private data record.

3. The method according toclaim 1 wherein the information from the public data record received from the user comprises a key value stored in the private data record.

4. The method according toclaim 1 wherein the predefined operation comprises blind analysis of data in a plurality of private data records.

5. The method according toclaim 4 comprising the further step of forwarding the results of the blind analysis to the user.

6. The method according toclaim 1 wherein performing the predefined operation comprises the further steps of:

using information from the private data record as a network address; and

transmitting a message to the network address.

7. The method according toclaim 6 wherein the message comprises email.

8. The method according toclaim 6 wherein the message comprises message information from any one of the private data record or the public data record.

9. The method according toclaim 6 wherein the message comprises marketing material.

10. The method according toclaim 1 wherein the performing the predefined operation step is performed only when a required condition is satisfied.

11. The method according toclaim 10 wherein the required condition is based upon information in the private record.

12. The method according toclaim 1 wherein the private data record comprises data regarding any one of a link ID, a key, a consumer or an enterprise.

13. The method according toclaim 1 wherein the public data record comprises data regarding any one of a link ID, a key, a consumer or a product.

14. The method according toclaim 1 wherein the performing the predefined operation step comprises the further step of retrieving data from any one of the private data record or the public data record.

15. The method according toclaim 14 comprising the further step of forwarding the retrieved data to the user.

16. A system for accessing data records in a private data set having restricted access, the records in the private data set being accessible only by authorized users, the system comprising:

a separator separating a data record into a public data record stored in a public data set and a private data record stored in a private data set;

a logical link creator for logically relating a public data record element with the private data record;

a receiver receiving a request from a user to perform a predefined operation, the request comprising information from the public data record, the user not authorized to access the private data set;

a record finder finding the private data record using the information from the public data record received from the user in combination with the logical link; and

an application performing the predefined operation using the private data record.

17. The system according toclaim 16 wherein the logical link comprises a key value stored in the public data record and the private data record.

18. The system according toclaim 16 wherein the information from the public data record received from the user comprises a key value stored in the private data record.

19. The system according toclaim 16 wherein the predefined operation comprises blind analysis of data in a plurality of private data records.

20. The system according toclaim 19 further comprising a transmitter forwarding the results of the blind analysis to the user.

21. The system according toclaim 16 wherein the application further comprises:

an addresser using information from the private data record as a network address; and

a sender transmitting a message to the network address.

22. The system according toclaim 21 wherein the message comprises email.

23. The system according toclaim 21 wherein the message comprises message information from any one of the private data record or the public data record.

24. The system according toclaim 21 wherein the message comprises marketing material.

25. The system according toclaim 16 wherein the application performs the predefined operation only when a required condition is satisfied.

26. The system according toclaim 25 wherein the required condition is based upon information in the private record.

27. The system according toclaim 16 wherein the private data record comprises data regarding any one of a link ID, a key, a consumer or an enterprise.

28. The system according toclaim 16 wherein the public data record comprises data regarding any one of a link ID, a key, a consumer or a product.

29. The system according toclaim 16 wherein the predefined operation comprises retrieving data from any one of the private data record or the public data record.

30. The system according toclaim 29 further comprising a forwarder forwarding the retrieved data to the user.

31. A computer program product for accessing data records in a private data set having restricted access, the records in the private data set being accessible only by authorized users, the computer program product comprising a computer readable medium having computer readable program code therein, the computer program product comprising:

computer readable program code for separating a data record into a public data record stored in a public data set and a private data record stored in a private data set;

computer readable program code for creating a logical link logically relating a public data record element with the private data record;

computer readable program code for receiving a request from a user to perform a predefined operation, the request comprising information from the public data record, the user not authorized to access the private data set;

computer readable program code for finding the private data record using the information from the public data record received from the user in combination with the logical link; and

computer readable program code for performing the predefined operation using the private data record.

32. The computer program product according toclaim 31 wherein the logical link comprises a key value stored in the public data record and the private data record.

33. The computer program product according toclaim 31 wherein the information from the public data record received from the user comprises a key value stored in the private data record.

34. The computer program product according toclaim 31 wherein the predefined operation comprises blind analysis of data in a plurality of private data records.

35. The computer program product according toclaim 34 further comprising computer readable program code for forwarding the results of the blind analysis to the user.

36. The computer program product according toclaim 31 wherein computer readable program code for performing the predefined operation further comprises:

computer readable program code for using information from the private data record as a network address; and

computer readable program code for transmitting a message to the network address.

37. The computer program product according toclaim 36 wherein the message comprises email.

38. The computer program product according toclaim 36 wherein the message comprises message information from any one of the private data record or the public data record.

39. The computer program product according toclaim 36 wherein the message comprises marketing material.

40. The computer program product according toclaim 31 wherein the performing the predefined operation step is performed only when a required condition is satisfied.

41. The computer program product according toclaim 40 wherein the required condition is based upon information in the private record.

42. The computer program product according toclaim 31 wherein the private data record comprises data regarding any one of a link ID, a key, a consumer or an enterprise.

43. The computer program product according toclaim 31 wherein the public data record comprises data regarding any one of a link ID, a key, a consumer or a product.

44. The computer program product according toclaim 31 wherein the predefined operation step comprises retrieving data from any one of the private data record or the public data record.

45. The computer program product according toclaim 44 further comprising a computer readable program code for forwarding the retrieved data to the user.

Images