Personal Identification Information: Protection And Governance Plan

Protection and Governance Plan for Personal Data

Question:

Develop an outline plan for the Governance of PII data and digital identities for users of the MyLicence portal.

The report discusses about the “personal identification information” or PII and the protection of the personal data by “Department of Administrative service” or DAS that aims at providing different types of services to the state government of Australia (Al-Fedaghi & Al-Azmi, 2012). PII or personally identified information are the data that are used for identifying a specific individual potentially. Any type of information’s that are used for distinguishing someone from the other person can be considered as an PII. There are two types of PII sensitive and non-sensitive. Sensitive PII includes the data which when exposed can cause serious massacre and can harm an individual.so the sensitive data should be encrypted so as to protect the data. Non-sensitive data are those which can be easily gathered and does not harm anyone. Digital identity refers to the information of an entity used the computer system to represent it to the external agent. Digital identities help in accessing the computer or the service in an automated way. This report is going to discuss about the governing plans required for the PII and digital identity that is to be adopted by Department of Administrative Services (DAS). This type of services are mainly aiming at putting emphasis on the certain sections of the organization. With respect to the changes in the government policies, the main of DAS is to put emphasis on the use of “shared services” (Chakravorty, Wlodarczyk & Rong, 2013). Which in terms highlight the facts of DAS that id focusing on the process of creating a centralized service system which can help the government. Collection of the data by the various service providers need to be done from the centralized data of DAS (Theoharidou, Mylonas & Gitzalis, 2012). This is related to the application of “SaaS HR”, “personnel management suite”, “SaaS contractor management suite”, “Cots payroll solution” in the “AWS cloud”.

Government has taken the decision of using the MyLicense portal for the purpose of renewing the licenses. It helps the government to retain a track of the different kind of licenses individual citizen is having (Bryant, 2013). Certain plans have been introduced by the government for the purpose registering on My license portal and for the purpose of creating their own informal digital identity (Cavoukian & Jonas, 2012). The use of data stored in database for the purpose of making better plans and taking decisions by the different government bodies and public agencies (Venkatanathan et al., 2013).

Identification and Authentication

The different important topics like the assessment of the threats and risk related to “personally identifiable information data” on the MyLicense portal considering the privacy and data protection with the solutions like control of the risk, adopting different Plans for controlling the “informal digital identity”, “privacy” and “data protection” that are part of the digital identity that has been discussed (Barocas & Nissenbaum, 2014).

Protection of Informal Digital identity

Three components are included in the informal digital identity and they are “identification or registration”, “authentication” and “authorization” (Chen & Zhao, 2012). The process which helps to get a digital identity is known as “Identification or registration”. “Authentication process” is the process of verification of different aspects related to someone’s identity (Barocas & Nissenbaum, 2014). “Authorization” allows a user to make use of the digital identity for the purpose of identification in different “electronic transaction” and “online form fill up in the license website. “Identification” also includes four different parts and they are “self-asserted”, “direct”, “third party” and “detailed direct” (Chen & Zhao, 2012). “Self-asserted” is the process in which the user uses self-assertion of his own identity and the third party dose not perform any type of verification. (Danezis et al., 2015). Verification is done by the Third and a good sample is validating the outputs of the telecomm company (Bryant, 2013). “Authentication” can be described as the security process that allows the user by the process of “one factor authentication”, “two factor authentication” and “three factor authentication” (Al-Fedaghi & Al-Azmi, 2012). The most commonly used authentication is the “One factor authentication” which uses a combination of user and password (Ferrari, 2013). The more secure process is the “Two factor authentication” which consist of a combination of certificates that are digital, a fingerprint or passcode (Li et al., 2014). “Three factor authentication” is the process which includes the all other authentication processes (Lin et al., 2012).

Outline plan

The main aim of creating a plan for governance is for the purpose of checking and approving the different procedures that are needed for managing and administrating the projects. (KoninG et al., 2014). For creating a proper governance plan it is necessary to take assistance from both the “procedural and documentation” (Theoharidou, Mylonas & Gritzalis, 2012). The governance plan of a project consists of 4 goals. The goals are promotion of the various things like consistency, productivity and what the stakeholders expect (Haimes,2015). By taking help from the predefined practices it is possible to produce the proper deliverables. (Venkatanathan et al., 2013). Stakeholders can be empowered with different flexible techniques and practices.

Planning and Governing Projects

For the purpose of executing the various decisions in the project, Governance can act as a key factor. This in term consists of the practices, steps, strategies. Project governance can also be defines as the “people” and “purpose” driven process (Song et al., 2012). Governing of the projects are done by the authorized boby only and proper responsibility should be taken for performing various processes (Haimes,2015). Four steps are included in the proper creation of the governance plan (KoninG et al., 2014). The four steps include “nimble and flexible”, “clean and concise consistency”, “explain and justify” and “accept and approve”. There should remain a flexibility in the format of the governance plan for the purpose of accounting according to the different sizes of project (Theoharidou,  Mylonas & Gritzalis, 2012). Which is initially related to the fact of “smaller”, “less complex” project which may or may not require the similar governance planning as that of the large, complex projects. Content of governance plan are required to be provided in the procedure that is planned and necessary justification should be provided according to the different terms of “inclusion and exclusion” (Haimes,2015).

A certain number of things can be done in the process of dealing with “personal identifiable information” by the using some different types of “standards” and “procedure” for the purpose of protecting the data that are personal (Cavoukian & Jonas, 2012). The duty of developer is not to provide any type of sensitive data in the different programs (Barocas & Nissenbaum, 2014). Privacy and security issues are also ensured before the production (Chakravorty, Wlodarczyk & Rong, 2013). the user should be very much aware of the imposters. The user must be sure about the fact that who is able to get the financial or the personal details. User must not share the personal information of the portal with someone by means of anything unless and until the user is sure or know about the person they are dealing with. Whenever someone asks for the details of the account the user must contact the customer service via the official website provided in the official website of DAS. Few things that are to be considered are Where is the PII data of the user kept? Who are responsible for that data? Who are able to access the data? With whom the company can share the data stored? It is certain that the user has seen the notifications that are coming from the credit cards or any other mailed statements about how they will and will not share your PII data. The user might be asked if they have given the permission to share their PII data. It might not be considered by the user but after that the user might consider. The user should also dispose of the personal data before disposing of the computer. User must ensure that all the data have been cleared before disposing of any device. Encryption must be done by the user before uploading any information into the portal. The user must keep the password private and should use strong passwords. the user must use specific methods of digital identity across the portal which will help the user to know whenever someone else tried to access the portal other than the user. By the use of single identity monitoring and the process of verification the user is protected from any types of threats. Proper authentication process by the user must be done.

Dealing with Personal Identifiable Information

Governance plan makes it easy for the generation of data assets by the PII data and the financial data which provides opportunities for the My License portal, plan and knowledge of the experienced user (Bryant, 2013). Governance data asset can be helpful because the other assets of enterprise like “financial security”, “cash” and “human resource”. Proper methods should be adopted by them for the purpose of protecting the data that they are storing. DAS should look into the matter that all the information’s they are storing are encrypted in a proper way. All the methods of verification process should be properly developed by the DAS so that no one is able to access the data rather than the authorized ones. All the sensitive data of the DAS are managed by this section so the requirement for protection is very much high for the user of the users in the HR management suite. The company should follow all the data protection laws for the purpose of minimizing their risk of data loss. The employees must ensure that they are adopting the best data privacy and protection. They should aim at limiting the collection of the user’s personal data which they “collect”, “process”, “transfer” and “store”. They should limit the access to a limited number of user and should also provide training to the employees so as to control their personal data.

Data of governance plan is generally inclusive of both the PII and personal data for different contractor which should include various important points like providing ideas for procedure which is used for safeguarding the data containing important information about the various contractors of Australia, sensitive data containing important information must be protected during signing of different contracts, Checking different types of regulation while identification of various omission of identification of DAS in the suite of contractor management.

The plan of governance can easily assist in the “PII data” and financial information for the creation of assets of data and it also provide and wonderful chance for creation of this license website that is My license portal. Data of governance can be useful like assets like cash, human resource and security in the financial domain.

National action plan will help in promoting transparency, corruption fighting, will use the power of new technologies for making the government a bit better. This plan focuses in certain areas like domain of various business across the country, easily accessing different plan of government. Upgradation of this plan mainly has three phase that are creating awareness about it among the citizen, looking for new idea and lastly drafting of this plan.

Data Asset Generation Governance

This plan has led to creating awareness in the youth in the year of 2015 and addition consciousness about the given strategy can be easily formed by use of different stages of social media like websites of different government and mailing the notices on the various website.

Conclusion

The above discussion helps to conclude that the services provided by the “department of Administrative service” that is DAS of Australian state government provides are “HR and personnel management”, “payroll”, “contract tendering management”. According to the changes in the government policies DAS focuses on the process of implementing of services that are shared which is initially related to facts of DAS centralizing their different services. So the organization has made the decision of using the portal MyLicense for the purpose of renewing the licenses. This also the fact that the government can easily track the types of licenses that the citizens are having. Introduction of new plans by the Government for the process of registering in the portal for the purpose of creating individual new digital identities. This in terms can be used for the purpose of planning and to make better decisions by the government bodies and also the various public agencies. This report consists of the discussions related to the various threats faced and the ways of mitigating the risks in the portal. Both the privacy and the protection of the PII has been considered by the TRA. There is also a governance plan for the purpose of protecting the data in the website. Along with this other important points like the data that are personal and the PII data for the users of the DAS in the “HR personnel management”, “contractor management suite” has been discussed briefly. PII data and data consisting the financial information of the users and the staffs of the DAS in the “COTS payroll suite” is also discussed in brief.

References

Al-Fedaghi, S., & Al-Azmi, A. A. R. (2012). Experimentation with personal identifiable information. Intelligent Information Management, 4(04), 123.

Barocas, S., & Nissenbaum, H. (2014). Big data's end run around procedural privacy protections. Communications of the ACM, 57(11), 31-33.

Bryant, T. (2013). UE-COTS at the University of Iowa. Workplace: A Journal for Academic Labor, (7).

Cavoukian, A., & Jonas, J. (2012). Privacy by design in the age of big data (pp. 1-17). Information and Privacy Commissioner of Ontario, Canada.

Chakravorty, A., Wlodarczyk, T., & Rong, C. (2013, May). Privacy preserving data analytics for smart homes. In Security and Privacy Workshops (SPW), 2013 IEEE (pp. 23-27). IEEE.

Chen, D., & Zhao, H. (2012, March). Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-651). IEEE.

Danezis, G., Domingo-Ferrer, J., Hansen, M., Hoepman, J. H., Metayer, D. L., Tirtea, R., & Schiffner, S. (2015). Privacy and Data Protection by Design-from policy to engineering. arXiv preprint arXiv:1501.03726.

Ferrari, A. (2013). DIGCOMP: A framework for developing and understanding digital competence in Europe.

Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.

KoninG, M., KoREnhoF, P., Alpár, G., & Hoepman, J. H. (2014). The abc of abc: an analysis of attribute-based credentials in the light of data protection, privacy and identity.

Li, Z., Ma, Z., van der Kuijp, T. J., Yuan, Z., & Huang, L. (2014). A review of soil heavy metal pollution from mines in China: pollution and health risk assessment. Science of the Total Environment, 468, 843-853.

Lin, N., Emanuel, K., Oppenheimer, M., & Vanmarcke, E. (2012). Physically based assessment of hurricane surge threat under climate change. Nature Climate Change, 2(6), 462.

Louw, C., & von Solms, S. (2013, October). Personally identifiable information leakage through online social networks. In Proceedings of the South African Institute for Computer Scientists and Information Technologists Conference (pp. 68-71). ACM.

Marwick, A. E., & Boyd, D. (2014). Networked privacy: How teenagers negotiate context in social media. New Media & Society, 16(7), 1051-1067.

Monteleone, S. (2012). Privacy and Data Protection at the time of Facial Recognition: towards a new right to Digital Identity? European Journal of Law and Technology, 3(3).

Smith, C. (Ed.). (2012). Insect colonization and mass production. Elsevier.

Song, D., Shi, E., Fischer, I., & Shankar, U. (2012). Cloud data protection for the masses. Computer, 45(1), 39-45.

Theoharidou, M., Mylonas, A., & Gritzalis, D. (2012). A risk assessment method for smartphones. Information security and privacy research, 443-456.

Venkatanathan, J., Kostakos, V., Karapanos, E., & Gonçalves, J. (2013). Online Disclosure of Personally Identifiable Information with Strangers: Effects of Public and Private Sharing. Interacting with Computers, 26(6), 614-626.