Privacy has become a rich area of legislation and legal action over the last decade. Many nations and regions (such as the European Union), following broad public concern, have enacted privacy regulations, including
• Data sovereignty: These regulations cover where data collected about citizens or residents may be stored and tightly control whether that data may be transferred to another jurisdiction. Data storage and transfer rules are negotiated between countries.
• Consent and notification: Many countries require companies to notify users when collecting data and tell users how their data will be used.
• Restrictions on data collection about minors: Some governments require a parent or legal guardian to consent for a minor. A minor cannot, in other words, consent to data collection.
• Breach reporting: Almost every government now has regulations about reporting breaches. These regulations often specify how soon after a breach it must be reported, who is affected, to whom the breach must be reported, and what kinds of information were taken in the breach.
Engineers cannot ever hope to become legal privacy experts, but engineers should be aware of these laws and know whom to talk to in their organization about complying with these regulations.
Privacy Tools
Many clever ways exist to improve user privacy; Figure 18-4 illustrates some options.
Figure 18-4 Privacy Tools
Short of destroying data, you can either deidentify or hide it to preserve privacy. Figure 18-4 is not exhaustive; not every available privacy tool is shown. The following sections explain the deidentification tools shown in Figure 18-4.
Note
Chapter 20 discusses encryption in detail, so it is not considered here.
Note
The final section of this chapter discusses authentication, authorization, and accounting (AAA).
Deidentification tools can be applied
• After data is collected and before it is processed or stored.
• When data is pulled from storage for processing or use.
Negative aspects of deidentification tools include
• Reducing the data’s usefulness.
• Not entirely hiding an individual user’s identity.
Data analysts and data scientists use mathematical models to control the amount of change introduced into a data set to achieve the maximum deidentification level while preserving the data set’s usefulness.
Suppression
Suppression removes data that can be used—alone or in combination with other pieces of data—to identify a person.
Figure 18-5 shows how data suppression works.
Figure 18-5 Data Suppression
In Figure 18-5, the city and last name fields have been removed from the data set, making it more difficult to relate each record to a specific individual. Many people with a first name of Sneezy might live in Kentucky.
Suppression is always used on already-collected data. In many cases, it is better to minimize data collection—or to collect only what is needed to solve a specific problem—and then discard the information once used.
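The following Python example is added here to illustrate both the placement of deidentification tools described earlier (after collection and before storage, or when data is read back) and the suppression step shown in Figure 18-5. It is not code from the book. The records are constructed to mirror the figure, the field names and the minimum group size of 2 are assumptions, and the grouping check makes the caveat concrete: after removing last name and city, a record can still be unique on the fields that remain, which is what "not entirely hiding an individual user's identity" means in practice.

```python
"""Data suppression on already-collected records (constructed example).

Three pieces:
  * suppress()       - remove named identifying fields (the Figure 18-5 step);
                       the same function can run before storage or on read-back.
  * keep_only()      - the data-minimization variant: retain only the fields a
                       task needs, instead of listing fields to drop.
  * smallest_group() - size of the smallest set of records that share the same
                       values on the remaining identifying fields; a result of
                       1 means someone is still unique in the released data.
"""
from collections import Counter

# Constructed sample records in the spirit of Figure 18-5 (not real people).
RAW_RECORDS = [
    {"first_name": "Sneezy", "last_name": "Miner",   "city": "Louisville", "state": "Kentucky", "item": "boots"},
    {"first_name": "Sneezy", "last_name": "Grumble", "city": "Lexington",  "state": "Kentucky", "item": "hat"},
    {"first_name": "Dopey",  "last_name": "Miner",   "city": "Louisville", "state": "Kentucky", "item": "boots"},
    {"first_name": "Happy",  "last_name": "Smith",   "city": "Columbus",   "state": "Ohio",     "item": "gloves"},
    {"first_name": "Happy",  "last_name": "Jones",   "city": "Dayton",     "state": "Ohio",     "item": "hat"},
]


def suppress(records, fields):
    """Return copies of the records with the named fields removed (deny-list)."""
    drop = set(fields)
    return [{k: v for k, v in rec.items() if k not in drop} for rec in records]


def keep_only(records, fields):
    """Return copies of the records containing only the named fields (allow-list).
    This is the 'collect only what is needed' form of the same idea."""
    keep = set(fields)
    return [{k: v for k, v in rec.items() if k in keep} for rec in records]


def smallest_group(records, quasi_identifiers):
    """Count how many records share each combination of the given fields and
    return the smallest count. If it is 1, at least one person is unique on
    those fields, so suppression alone did not hide their identity."""
    counts = Counter(tuple(rec.get(f) for f in quasi_identifiers) for rec in records)
    return min(counts.values()) if counts else 0


def release_check(records, fields_to_drop, quasi_identifiers, k_required=2):
    """Suppress fields, then report whether every remaining combination of
    identifying fields is shared by at least k_required records (assumed
    threshold). Returns (suppressed_records, smallest_group_size, ok)."""
    out = suppress(records, fields_to_drop)
    k = smallest_group(out, quasi_identifiers)
    return out, k, k >= k_required


if __name__ == "__main__":
    # Stage 1: the Figure 18-5 suppression. Last name and city are gone, but
    # Dopey is the only Dopey in Kentucky, so the smallest group is 1.
    _, k1, ok1 = release_check(RAW_RECORDS, ["last_name", "city"], ["first_name", "state"])
    print(f"after dropping last_name and city: smallest group = {k1}, releasable = {ok1}")

    # Stage 2: suppress first name as well. Only state remains as an identifier
    # and every state appears at least twice, so the check passes, at the cost
    # of a less useful data set (the trade-off the text describes).
    _, k2, ok2 = release_check(RAW_RECORDS, ["last_name", "city", "first_name"], ["state"])
    print(f"after also dropping first_name: smallest group = {k2}, releasable = {ok2}")

    # Minimization at collection time: keep only what the task needs.
    print(keep_only(RAW_RECORDS, ["state", "item"]))
```

The same `suppress` call can be placed in the ingest path (run on each record before it is written) or in the read path (run on each record pulled from storage), which is why the text lists both positions. The `release_check` threshold is not a standard from the book; it is a simple way to turn the "not entirely hiding identity" caveat into a check that can fail before data leaves the system.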