With GDPR in force, and with many processes (and people) pushed online by COVID, guaranteeing users' privacy and security is an increasing concern.
A secure system must keep stored information confidential, protect it against unauthorized changes, and keep it available to authorized users (confidentiality, integrity and availability).
Personally Identifiable Information (PII) is the basic unit of this guarantee in software that handles highly sensitive user information, including but not limited to banking and social media. PII includes:
- Names
- Addresses
- Social Security Numbers
- Photos, fingerprints, voice recordings
- Medical background, educational background
- Employment Information
Each of these can point to who you are and where you are. Identifying the kinds of PII our application handles tells us what impact a compromise of that information would have on the system.
To build a PII-secure software system, each of the following stages in the data's lifetime needs its own set of practices:
- Collection
- Abstraction
- Storage
- Deletion
This blog entry covers the first two. Part two will go in depth on the last two.
Collection
Protecting a user's data starts at its first step: filling in registration forms, uploading images, and so on.
Since GDPR, most technology users are familiar with the guidelines for this stage. It is the joint responsibility of the user and the platform to ensure the user's information isn't compromised at this point.
The user can:
- Visit only trusted websites. Browsers mark HTTPS sites with a lock icon, but the lock only means the connection to the site is encrypted; it says nothing about whether the site itself is trustworthy or will handle your data well.
- Judge whether the information the platform requests makes sense. For example, if you're signing up for a cooking website, there is no reason to provide your ZIP code, or even your age.
The company can:
- Explicitly inform the user of exactly which information is stored about them.
- Collect only the information that is necessary, and reject anything beyond it at the point of entry rather than storing it "just in case".
- Avoid transferring information in the clear between layers of the application (PII in plaintext log lines or on unencrypted internal queues, for instance); redact or encrypt it as it crosses each boundary.
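As an added example of the last two points (this is not code from the original post), the following Python enforces collection minimisation at the boundary and redacts PII before a record is handed to a lower layer. The sign-up form, its field list, and the sample submission are assumptions constructed for the example.

```python
import re

# Fields the sign-up flow has a declared need for; anything else is refused.
# (Assumption: a cooking-site account needs only these three.)
ALLOWED_FIELDS = {"email", "display_name", "password"}

# Fields that are PII (or secrets) and must not cross into logs/queues in the clear.
SENSITIVE_FIELDS = {"email", "password", "full_name", "address", "zip_code", "date_of_birth"}

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def collect_registration(submitted):
    """Validate a raw form submission and return only the minimised record.

    Raises ValueError when the client sends undeclared fields, so
    over-collection is a visible error rather than data that quietly
    ends up in the database. (Password hashing happens elsewhere.)
    """
    extra = set(submitted) - ALLOWED_FIELDS
    if extra:
        raise ValueError(f"undeclared fields refused: {sorted(extra)}")
    missing = ALLOWED_FIELDS - set(submitted)
    if missing:
        raise ValueError(f"required fields missing: {sorted(missing)}")
    if not EMAIL_RE.match(submitted["email"]):
        raise ValueError("malformed email")
    return {k: submitted[k] for k in sorted(ALLOWED_FIELDS)}


def redact_for_log(record):
    """Copy of a record that is safe to pass to a lower layer (log, metrics, queue).

    Sensitive values are replaced with a marker; the keys are kept so the
    receiving layer still sees which fields were present.
    """
    return {k: ("[REDACTED]" if k in SENSITIVE_FIELDS else v) for k, v in record.items()}


if __name__ == "__main__":
    # Constructed sample: a client that sends more than the form asked for.
    over_collected = {"email": "clara@example.com", "display_name": "clara",
                      "password": "hunter2", "zip_code": "N2L 3G1", "age": "34"}
    try:
        collect_registration(over_collected)
    except ValueError as err:
        print("rejected:", err)

    minimal = {"email": "clara@example.com", "display_name": "clara", "password": "hunter2"}
    stored = collect_registration(minimal)
    print("stored:", sorted(stored))
    print("to log layer:", redact_for_log(stored))
```

The allowlist is deliberately a hard failure rather than a silent filter: if a client starts sending a ZIP code, someone should notice, because it usually means a form or a third-party script was changed without the data inventory being updated.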
Abstraction
Abstraction of data (anonymisation) means removing the characteristics that could point to someone's identity or personal information.
For example, Clara works at Foo, Inc., and Foo, Inc. is based only in Waterloo. The relationship is: Clara → works at → Foo, Inc. → based in → Waterloo.
Clara's name, her address and the "works at" relationship are all confidential. If Foo, Inc.'s data is compromised, an attacker can pinpoint where Clara lives without attacking her directly.
The user can:
- Be selective about what information to disclose, opting out where possible.
- When Clara stops working at Foo, Inc., she should make sure her information is no longer on file, or at least not the sensitive parts.
- Use a VPN to keep browsing history away from the local network and ISP, bearing in mind that this moves trust to the VPN provider and does not anonymize the accounts you log in to.
The company can:
- Decouple home addresses from employee records wherever the system allows it, so that a breach of one store does not expose the other.
- Host or acquire systems that keep employee records encrypted and access-controlled.
- Provide employees reliable, encrypted access to the network (for example via VPN).
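The Clara / Foo, Inc. example and the first company-side point above, worked through as an added Python example (not code from the original post). It splits each employee record into a working set, which is what HR tooling and analytics see, and a separately protected vault that maps a keyed pseudonym back to name and home address; it then checks whether the working set alone still singles out a person. The employee records, the job titles, the department mapping and the HMAC key are constructed assumptions; keyed HMAC pseudonyms and the k-anonymity check are standard techniques chosen for the example, not something the post prescribes.

```python
import hmac
import hashlib
from collections import Counter

# Constructed sample data (not from the original post).
EMPLOYEES = [
    {"name": "Clara Diaz", "home_address": "12 King St, Waterloo", "employer": "Foo, Inc.", "job_title": "CFO"},
    {"name": "Ana Silva",  "home_address": "5 Erb St, Waterloo",   "employer": "Foo, Inc.", "job_title": "Accountant"},
    {"name": "Ben Okafor", "home_address": "8 Bay St, Toronto",    "employer": "Bar Ltd.",  "job_title": "Engineer"},
    {"name": "Mei Chen",   "home_address": "3 Queen St, Toronto",  "employer": "Bar Ltd.",  "job_title": "Engineer"},
]
# Coarser value used when a job title is too identifying (assumed mapping).
DEPARTMENT = {"CFO": "Finance", "Accountant": "Finance", "Engineer": "Engineering"}

# Assumption: this key lives only with the vault service, never with the
# systems that hold the working set.
PSEUDONYM_KEY = b"constructed-demo-key-rotate-in-production"


def pseudonym(name, key=PSEUDONYM_KEY):
    """Keyed, deterministic token for a person.

    A plain hash of the name could be recomputed by anyone who can guess
    names; an HMAC cannot be recomputed or reversed without the key.
    """
    return hmac.new(key, name.encode(), hashlib.sha256).hexdigest()[:16]


def split_records(employees, key=PSEUDONYM_KEY):
    """Return (working_set, vault).

    The working set carries only the pseudonym and the attributes the
    business process needs; the vault holds identity and home address and
    sits behind separate access control.
    """
    working, vault = [], {}
    for e in employees:
        p = pseudonym(e["name"], key)
        vault[p] = {"name": e["name"], "home_address": e["home_address"]}
        working.append({"id": p, "employer": e["employer"], "job_title": e["job_title"]})
    return working, vault


def k_anonymity(records, quasi_identifiers):
    """Size of the smallest group of records sharing the same quasi-identifier values.

    k == 1 means some record is unique on those columns: with outside
    knowledge ("Clara is Foo's CFO") it can be tied back to a person even
    though no name is stored.
    """
    groups = Counter(tuple(r[q] for q in quasi_identifiers) for r in records)
    return min(groups.values())


def generalise(records):
    """Replace job_title with department so that employer + role no longer
    singles out one employee."""
    return [{**r, "job_title": DEPARTMENT[r["job_title"]]} for r in records]


if __name__ == "__main__":
    working, vault = split_records(EMPLOYEES)
    print("working set sees:", working[0])
    print("vault alone gives:", vault[pseudonym("Clara Diaz")])
    quasi = ["employer", "job_title"]
    print("k before generalising:", k_anonymity(working, quasi))
    print("k after generalising: ", k_anonymity(generalise(working), quasi))
```

The two checks are the ones to run before declaring a dataset "anonymised": that no direct identifier or address survives in the working set, and that the remaining columns do not form a unique combination for anyone. In the sample, "CFO at Foo, Inc." identifies Clara on its own (k = 1); generalising the title to a department gives every record at least one twin (k = 2).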
In the next part, I’ll cover Storage and Deletion to be able to Protect Your Data. If you want to see more please subscribe and share with anyone you think this might interest.