Ciphertext-Policy　Attribute-Based　Encryption　(CP-ABE)　is　one　of　the　potent　encryption　paradigms　in　protecting　data　confidentiality　in　the　cloud　data　sharing　scenario.　However,　the　access　policy　of　the　traditional　CP-ABE　is　in　plaintext　form　that　reveals　significant　sensitive　information　of　data　owners　and　data　visitors.　To　mitigate　this　problem,　two　approaches　have　been　proposed　in　the　literature.　One　is　partially　hidden,　where　the　attributes　in　the　access　policy　are　divided　into　two　parts:　the　plaintext　attribute　names　and　the　hidden　attribute　values.　The　other　approach　fully　hides　the　attributes　in　the　access　policy　which,　unfortunately,　hinders　efficient　and　correct　decryption　as　well　as　dynamic　policy-updating.　In　this　article,　we　design　a　security-enhanced　Attribute　Cuckoo　Filter　(se-ACF)　to　hide　the　access　policy　and　propose　a　new　CP-ABE　system,　called　Privacy-Preserving　Policy　Updating　ABE　(3PU-ABE),　which　effectively　integrates　policy　hiding　and　policy　updating.　We　conduct　rigorous　security　analysis　and　performance　evaluation　of　3PU-ABE.　The　results　indicate　that　3PU-ABE　completely　hides　the　access　policy　without　affecting　the　decryption,　and　entails　better　policy　updating　efficiency　than　similar　works.