Today’s level of ever evolving computer, database, and internet technology has enabled the collection and mining of data, as well as the utilization of that data on a level that was previously unimaginable. Each individual exists in a numerous databases around the world, from purchases made at the local supermarket to purchases made on-line to confidential medical records to credit information, etc. While individually the information that resides within the various databases listed above may not reveal much about a person, access to several databases may provide a detailed and possibly invasive amount of personal information. Inherently, there is a fundamental trade off between the functionality of a database or a database management system (DBMS) and the level of privacy given to the subjects of the database. While there are many benefits to advancements in database and DBMS technology, its advent has also created the possibility for significant abuses. Ideally, the design and implementation of a database would be constructed in a manner that will allow users to obtain and analyze information from a database(s) without allowing its users to access subjects’ private information. This problem can be dramatically reduced by implementing a few measures such as data sanitization and the limitation of executable queries and analyses. Data sanitization can be defined as the process of removing sensitive information from a document or other medium, so that it may be distributed to a broader audience. Sanitization attempts to reduce the personal content present in a database, while at the same time retaining enough functionality to supply the reader/user with the necessary information. The concept of the limitation of analyses is based on providing the user with either a limited amount of preset queries or query variables by which they must operate and/or limiting the number of queries and individual user may execute. References