One embodiment of the present invention provides a system that controls
access to personally identifiable information (PII) in a database system.
During operation, the system receives a request from an application to
perform a function which involves accessing information in the database
system. In response to the request, the system identifies a purpose that
the application has in making the request to perform the function. Next, the
system uses the purpose to identify a set of attributes in the database
system, which are associated with the purpose. The system then determines
if any of the identified attributes contain PII. If so, the system
enforces access controls while accessing the identified attributes
containing PII.
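The flow described above (request, purpose lookup, purpose-to-attribute mapping, PII check, enforcement) as an added, runnable illustration. This is not the patent's own code: the schema, the function-to-purpose table, the purpose-to-attribute table, the clearance list and the masking policy are all constructed assumptions chosen to make the mechanism concrete. Attributes outside the purpose are never returned; PII attributes inside the purpose are returned in the clear only to applications cleared for that purpose and are otherwise masked, with every PII decision recorded for audit.

```python
"""Purpose-based access control for PII attributes.

Added illustration of the abstract's flow (request -> purpose -> attribute
set -> PII check -> enforcement). Not the patent's own code; every table,
name and the masking policy below is a constructed assumption.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, List

# Constructed schema: attribute name -> True if the attribute holds PII.
ATTRIBUTE_IS_PII: Dict[str, bool] = {
    "customer.email": True,
    "customer.ssn": True,
    "customer.postcode": True,
    "order.total": False,
    "order.status": False,
}

# Constructed: the purpose an application has when it calls each function.
FUNCTION_PURPOSE: Dict[str, str] = {
    "send_shipping_notice": "fulfillment",
    "monthly_revenue_report": "analytics",
    "verify_identity": "identity_check",
}

# Constructed: the set of attributes associated with each purpose.
PURPOSE_ATTRIBUTES: Dict[str, FrozenSet[str]] = {
    "fulfillment": frozenset({"customer.email", "order.status"}),
    "analytics": frozenset({"order.total", "customer.postcode"}),
    "identity_check": frozenset({"customer.ssn", "customer.email"}),
}

# Constructed: (application, purpose) pairs cleared to read PII unmasked.
PII_CLEARANCE = {("shipping-svc", "fulfillment"), ("kyc-svc", "identity_check")}

MASK = "***"


@dataclass
class AccessDecision:
    purpose: str
    clear: List[str] = field(default_factory=list)   # returned unmodified
    masked: List[str] = field(default_factory=list)  # PII returned as MASK
    denied: List[str] = field(default_factory=list)  # not associated with the purpose
    audit: List[str] = field(default_factory=list)   # log lines for PII decisions


def evaluate_request(app: str, function: str, requested: Iterable[str]) -> AccessDecision:
    """Map the request to a purpose, then decide per requested attribute."""
    try:
        purpose = FUNCTION_PURPOSE[function]
    except KeyError:
        # A function with no declared purpose gets no data at all (fail closed).
        raise PermissionError(f"no declared purpose for function {function!r}") from None
    allowed = PURPOSE_ATTRIBUTES[purpose]
    decision = AccessDecision(purpose=purpose)
    for attr in requested:
        if attr not in allowed:
            decision.denied.append(attr)  # outside the purpose: never returned
        elif ATTRIBUTE_IS_PII.get(attr, True):  # unlabelled attributes are treated as PII
            if (app, purpose) in PII_CLEARANCE:
                decision.clear.append(attr)
                decision.audit.append(f"PII_ACCESS app={app} purpose={purpose} attr={attr}")
            else:
                decision.masked.append(attr)
                decision.audit.append(f"PII_MASKED app={app} purpose={purpose} attr={attr}")
        else:
            decision.clear.append(attr)  # non-PII attribute within the purpose
    return decision


def fetch_row(app: str, function: str, requested: Iterable[str],
              row: Dict[str, str]) -> Dict[str, str]:
    """Apply the decision to a stored row, returning only what the purpose permits."""
    decision = evaluate_request(app, function, requested)
    out = {attr: row[attr] for attr in decision.clear}
    out.update({attr: MASK for attr in decision.masked})
    return out


# Constructed sample row.
SAMPLE_ROW = {
    "customer.email": "a.b@example.com",
    "customer.ssn": "000-00-0000",
    "customer.postcode": "12345",
    "order.total": "42.00",
    "order.status": "shipped",
}

if __name__ == "__main__":
    # Cleared application, within purpose: email in the clear, SSN denied outright.
    print(fetch_row("shipping-svc", "send_shipping_notice",
                    ["customer.email", "order.status", "customer.ssn"], SAMPLE_ROW))
    # Uncleared application: the PII attribute within its purpose comes back masked.
    print(fetch_row("report-svc", "monthly_revenue_report",
                    ["order.total", "customer.postcode"], SAMPLE_ROW))
```

The two-level check matters: the purpose table limits which attributes a function can reach at all, and the PII flag then decides, per application, whether a permitted attribute is returned in the clear or masked. Unknown functions and unlabelled attributes both fail closed.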