Abstract: Business Record (BR) is an emerging centric model of information exchange, which is often outsourced to be stored at a third party, such as cloud providers. However, there have been wide privacy concerns as business information could be exposed to those third party servers and to unauthorized parties. To assure the business data control over access to their own BRs, it is a promising method to encrypt the BRs before outsourcing. Yet, issues such as risks of privacy exposure, scalability in key management, flexible access and efficient user revocation, have remained the most important challenges toward achieving fine-grained, cryptographically enforced data access control. To achieve fine-grained and scalable data access control for BRs, we leverage attribute based encryption (ABE) techniques to encrypt all business file. We focus on the multiple data owner scenario, and divide the users in the BR system into multiple security domains that greatly reduces the key management complexity for owners and users. A high degree of data privacy is guaranteed simultaneously by exploiting multi-authority ABE.