Determining who has access to personal data is an ongoing problem facing information system entities. The establishment of trust and its representation for known and unknown entities within the system further complicates access control rights allocation. One unique solution is through the application of graph representation to aid in the identification and management of privacy, trust and security requirements. Graphs provide a much better mental map than would textual information. In this paper we use graphs to represent informational relations concerning trust levels between entities for privacy and security requirements.