Hello Guys, I am current doing my Final Year Project's report

I have a question regarding classification of personal information.

Scenario: I have a community that enable users to gather and make mass order purchase.

The participants and organizer's personal information. Like Email, Address, Bank Account number and etc are all publicly posted.

Solution: Currently I am building a website to release this information on demand, example: Organizers would only have access to email, address on the users who participate in their mass order.

Problem: All Academic Reports requires a methodology, principle, to justify me for doing this.

Can some kind soul here point me to the methodology, principle or whatsoever to justify me for doing this.

Example: Method to classify personal information. and Principle which justify me for releasing the information on need to know basics.

Magus