Access control solutions for open systems are typically based on the assumption that a client may adopt approached specifically designed for the server to protect the disclosure of her sensitive information. These solutions however do not consider the specific privacy requirements characterizing the client. In this paper, we put forward the idea of adopting a different model at the client-side, aimed at minimizing the amount of sensitive information released to a server. The model should be based on a formal modeling of the client portfolio and should easily support the definition of privacy preferences and disclosure limitations for empowering the user in the release of her personal information.