Data privacy is one of the fundamental needs of the people. In a computing environment, there are various issues of data privacy protection in the enterprise. To enforce the automation of privacy policies and law, access control has been one of the most devoted subjects. Role-based access control model has been proposed to protect customer's data. However, relying on role only is insufficient and inefficient to protect data especially sensitive attributes, and this may cause risks of privacy disclosure to unauthorized and untrusted users. This paper presents a finer-grained access control called Trust, Purpose, and Role-Based Access Control (TPRBAC) model to efficiently protect data particularly sensitive attributes. In the proposed model, purpose and role is applied to permit access to data, while trust is applied to control access to sensitive attributes. A prototype system is developed and tested, and the result shows sensitive attributes are protected. Experiments are conducted to validate the proposed model. The results show that the proposed work is efficient and improved privacy protection. Therefore, this research solves the issue of insufficient and inefficient access control mechanism in protecting data especially sensitive attributes.