Abstract
Data security is paramount in the increasingly connected world. Securing data, while in transit and rest, and while under usage, is essential for deriving actionable insights out of data heaps. Incorrect or wrong data can lead to incorrect decisions. So, the confidentiality and integrity of data have to be guaranteed through a host of technology-inspired security solutions. Organizational data is kept confidentially by the businesses and governments, often in distant locations (e.g., in cloud environments), though more sensitive data is normally kept in house. As the security mechanisms are getting more sophisticated, cyber security attacks are also becoming more intensive, so there is a constant battle between the organisations and the hackers to be one step ahead of the other. In this chapter, the aim is to discuss various mechanisms of accomplishing citizens' data confidentiality and privacy and to present solution approaches for ensuring impenetrable security for personal data.
TopData And Data Privacy
Information Technology Act of 2000 defines “DATA” as representation of information, knowledge, facts, concepts or instructions that are being prepared in a formal manner (The Gazette of India, 2000). It is intended for processing and may be stored in any form on papers or on a storage device or in the computer memory.
This 21st century is referred as “information age”. It is witnessing an exponential growth of digital data, and this digital revolution also brings larger disruptions in all the sectors of the society, especially in the digital economy of the world. Personal data processing is ubiquitous and nearly every single transaction activity involves data transaction. Largest global companies of today are data driven. Internet has borne the digital markets with innovative ideas, that only deal with collection, processing, storing and organising the personal data directly or indirectly as a significant component of such businesses. For instance, World’s largest taxi company (known as Uber) owns no vehicles; worlds popular social media “Facebook” creates no content on its own; world’s largest accommodation provider (called Airbnb) owns no real hotels etc; and world’s largest online shopping “amazon” owns no inventory of goods (Tom Goodwin, 2015).
In the last twenty years or so, there has been a significant growth in the amount of data collected or generated through various mobile applications and inter-connected electronic smart devices. These big data are being smartly analysed by business firms and strategies are developed through the analysis of such data. The important question revolves around “Does the citizen or an individual has right against the accessing and processing of his data by others”. In this regard, privacy is an important concern as it is the right to be free from abuse and misuse of one’s personality. Right to Privacy leads to a life of speculation. Data privacy and protection enables an individual to lead his life happily with liberty as there is no interference to the private life of himself and his family etc., It is very important in this era of information technology, that the related legal provisions are created or derived from other legislative ratifications. This also needs to consider the way in which the data are collected from its citizen and analysed (Economic Laws Practice, 2020).
Key Terms in this Chapter
US Bill of Rights: Bill of Rights in the US is the set of amendments that has a law pertaining to the mutual guarantees of individual citizen’s rights and limitations on the state and the central governments. The Privacy Bill of Rights aims at streamlining the business firms that collect customers personal data. It intends to provide security, privacy and control for an individual over his private data.
Rivest Shamir Adleman (RSA) Algorithm: It is an asymmetric cryptography algorithm that requires two keys: Public and Private. The public key is the combination of two numbers where one is the product of two big prime numbers. The private key also is derived from the same those two numbers. The strength of this algorithm lies on the size of the key. The strength increases exponentially as the key gets the double or triple size.
Information-Level Privacy: This level deals with the data privacy and protection. Individuals should have the right and control over who can access and use their personal data and what kind of actions and decisions are derived from the accessed data.
Data: It refers to representation of information, knowledge, facts, concepts, or instructions that are being prepared in a formal manner. It is intended for processing and may be stored in any form on papers or on a storage device or in the computer memory.
Encryption: Encryption is the process that converts the data or information into a form of code that is unreadable, to prevent it from unauthorised usage. There are a number of encryption models and algorithms which are prevalent in the Internet world.
Advanced Encryption Standard (AES) Algorithm: This is the trusted encryption standard that is six times faster than Triple DES. It consists of four processes like Byte substitution, shift rows, mix columns and add round key. It is a widely accepted and adopted technique. It has a flexible key length size and there are no attacks against this algorithm till date.
Physical-Level Privacy: Individuals should have the right and independence over their bodies and their bodily functions, through which they can get the complete autonomy of physical privacy that leads to a person’s privacy and integrity.
Transport Encryption: This model travels over the computer network as the data travels and thereby it encrypts them. When the data is received by the site operators and intermediaries, it cannot be accessed at all due to the transport encryption; it also includes the security such as HTTPS, Transport Layer security and Secure Socket Layer.
EU General Data Protection Regulation: General Data Protection Regulation (GDPR) is the regulation that has to be followed by every business organization that keeps personal data of European Union Citizens. In April 2016, GDPR was adopted by European Parliament to consistently maintain this one standard across the 28 EU member states, to protect the security and privacy of customers and other individuals.
Device Encryption: In this case, stored information and data are secured using device encryption techniques. The data on the device cannot be opened or read by anyone except the one who has the password or PIN value. Even the hardware and software manufacturers cannot intrude the system to get the data. Smart phones and computer devices usually use this device encryption.
End-to-End Encryption: Here, the sender and the receiver hold the keys to decrypt the data that intermediate service providers, applications and devices are unable to read the contents while data is in transmission. This method is majorly adopted by messaging service providers for assuring the safety of message delivery process.
Decision-Level Privacy: This level provides protection of an individual’s decision making, against intrusion in the forms of communication, beliefs, and opinions etc. Individuals should be able to make choices in life without the outsiders’ suggestions, intimidation.
Triple Data Encryption Algorithm: This algorithm is designed to replace the popular Data Encryption Standard Algorithm (DESA), as it is more robust than DESA. This is the most widely used symmetric model normally used by many industries. This algorithm uses increased number of key sizes to protect the data against attacks. Electronic payment domains use this Triple DES; web browsers such as Mozilla and Firefox also use this algorithm.
E-Government: This is the application of information and communication technologies (ICTs) to government functions and procedures to increase efficiency and transparency of its services, and to allow citizen participation in its operation and processes.
Data Virtualization: Data virtualization provides a modern data layer that enables users to access, combine, transform, and deliver datasets with breakthrough speed and cost-effectiveness.