Privacy In Information Technology: Essay On Properties, Principles, And Implementation.

Privacy in Information technology

Privacy is needed to taken care with utmost importance with the recent development of the information technologies. This paper briefly describes the idea of privacy inside an information technology organisation and the requirement of privacy. The properties of the privacy policies are discussed namely anonymity, unlinkability, pseudonymity unobservability and undetectability. Next the paper describes the various principles of the privacy design of the system. There are seven key principles of Privacy by Design (Drey and Delak 2021). The paper further elaborates the strengths and weaknesses of the implementation of privacy at the very initaial stage and providing appropriate situations according to the implementation of the system.

Human being is always concerned with protecting their personal information about life, valuing the concept of their privacy. Technological advancements of recent times in Information and Communication Technology (ICT) have provided threat to privacy and reduced control over private information. This unauthorized access of data can lead to significant number of negative consequences. Privacy of data and information defines as the extent of sharing personal information. Privacy is one of the fundamental rights to a human being. With rise of the internet, data privacy has become necessary and the user needs conformation that protection is given to their data. Privacy is required in controlling access of the information as unauthorized access can lead to criminals getting hold of private data to harass and fraud users. Criminals at times sell user data without consent to outside parties. Activities done online by an individual can be tracked and accessed unethically. The ICT organizations have improved their collection of data and information with surveillance functionalities.  Governments are trying to regulate the control of access to information by forming laws and policies. General Data Protection Regulation(GDPR) is established in Europe to establish the core of the digital privacy. National Data protection laws are used in various countries like Australia, Japan, Singapore and Canada are quite similar to the GDPR as it is the toughest policy. GDPR helps in establishing a singular set of rules that can be applied to the ICTs doing businesses in Europe. This single supervising authority has helped the business to operate with simplicity and reduce business cost (Zaeem and Barber 2020). The rules and regulations being unified on the purpose of data protection helping archivist to develop new business opportunities and promote innovation. This signifies that the safeguards for the data protections are inbuilt into services and products from the earliest planning steps providing Privacy by Design (PbD) in new innovations and technologies (Tesfay et al. 2018). The data protection is integrated to the core of the systems, programs, processes and practices. Privacy policies are implemented for following the concepts of PbD and requirements set in GDPR. The policy is drafted based on the points that needs addressing in the privacy procedures, collection and processing of Data. The policy helps in demonstrating the commitment towards privacy both to the clients and the regulators (Nejad et al. 2020). Data is handled with almost care under the governance of privacy policy.

Privacy properties

Privacy process is achieved by the realisation of the privacy issues through specific steps and flow of activities. The five basic privacy properties that are described are anonymity, undetectability, unlinkability, pseudonymity and unobservability. These factors need to taken care of while the design and implementation stages are being handled. Anonymity is defined to be the characteristics that helps identifiable information not to be identified in an indirect or direct manner. It helps in protecting the user of the services. The benefits of this are it helps users to not reveal their identity while accessing services. Safety from user profiling is provided with no location tracking and user involvement is minimalized. The negative side of it is it has to confirm user accountability, maintain usability of necessary information (Morales-Trujillo et al. 2018), Law enforcement require to erase anonymity to detect criminal activities requiring investigation of human identity.  Next Pseudonymity is the use of an alias so that personally identifiable data are always kept safe and the data available cant link it to any real identity. It helps users accessing services without having to disclose real identities. Reputational capital grows under pseudonymity. User accountability is maintained. It helps users to safeguard themselves from the threat of online services. The limitations of pseudonymity lead to forgery or impersonation allowing few users to abuse their privacy and carry out unethical services (Gabel and Schiering 2018). Unlinkability is the process of using a resource without being able to be linked the user of the service by using a third party. The benefits that are offered by unlinkability are protection of the privacy of the user while using a service by not facilitating malicious and harmful third parties to monitor which services are under use of the user. It helps in restricting profiling and misuse of data related to privacy. The limitations would be to store large numbers of unlinkability sets. The Undetectability is defined as the ability to be not detected or distinguished by a third party while a group of users are using the services (Morales-Trujillo et al. 2018). The strength of this undetectability comes from the number of nodes present in the undetectability sets. It helps the users to stay undetected not allowing third parties to understand which user is using which service. Limitations would be maintaining an equal traffic distribution between senders and receivers (Pattakou et al. 2018). Lastly unobservability is the inability of observation whether a user uses a service or not. It provides in increasing system anonymity and undetectability.  

Principles of Privacy

The PbD facilitates the views of future towards privacy by implementation of privacy assurance that is determined as the primary mode of operating business. The PbD is applied on IT systems and solutions, business practices and infrastructure of the network (Bu et al. 2020). The strength of privacy must be regulated according the sensitivity of the information. The primary objective is defined as ensuring control of access over personal information facilitating privacy with special care taken to sensitive data to gain a sustainable growth and advantage over competitors. There are 7 basic principles of privacy that must be ingrained in the system. First, the system should be preventive and proactive dynamically preventing privacy issues before occurrence. There is no waiting for risk occurrence, the risks are analysed and mitigated throughout the system. Secondly, there should be no need of privacy afterwards as it should be a default setting being built with the system design and implementation. Data privacy is taken maximum care of being automatically protected without any requirements (Bennet 2018). Thirdly, Privacy must be embedded into the design and infrastructure of the system as it becomes an effective component for business functionality core. Privacy is an integral part of the system and it provides in increasing business functionality. At fourth, The PbD accommodates all interests and goals of the company by a positive sum manner diminishing the idea of unnecessary trade-offs (Cavoukian et al. 2020). The fifth principal defines that PbD provides security measures throughout the entire life cycle of the information ensuring privacy from the start to the end. All data in the system are secured, retained, and destroyed at the end of the need of the data. At sixth place, PbD allows transparency and visibility to all of its stakeholders about the operations, practices or technologies involved in the system. PbD assures that operations are operating according to the goals, objectives and stated promises and can be subjected to verifications. Lastly the seventh principle states PbD should be user-centric requiring the archivists and operators to give utmost importance to the interest of the users offering measures privacy defaults, notices, and user-friendly services (Morales-Trujillo et al. 2018).

Data privacy must be integrated into the design of the system leading to the rise of PbD. However, this process has its own sets of strength and weaknesses that are needed to be assessed for the sustainable development of an ICT. The strengths and opportunities that might be accessed are the saving the cost of business in the long-term including avaibility of sanctions. There is a significant decrease in the time taken and effort required in design and post implementation stage of the system (Romanou 2018).  The company is able to provide higher rate of protection of data to its audience. There is a sense of understanding developed between the multidisciplinary teams by higher collaborations and coordination. It allows the detection of privacy issues by development of a Privacy Impact Assessment (Vemou and Karyda 2018). The PbD helps in facilitating privacy measures with help in reinforcement of image of the firm to the audience. Trust if the stakeholder towards the company is significantly improved. PbD at times is used as a marketing tool to attract interested customers (Poritskiy, Oliveira and Almeida 2019). The weaknesses that might be seen in the company are excessive use of resources with lack of proper understanding about the necessity of the new system. Sometimes excessive measures are taken to protect privacy of the information leading to customer and stakeholder dissatisfaction due to the rigidity and opacity of the process (Büscher, Perng and Liegl 2019). During the integration of the PbD in the system by the analysts, at times, employees do not welcome new implementations increasing tension inside the company. There is will inside the employees to not to be regulated by other professionals trying to secure privacy for the system (Justinger et al. 2019). There are many questions attached to the mind of the employees regarding the issues of the integration of the process. The leading area of questions are the quality of the privacy and security measures and risk to labour and the work environment. The focus of PbD should be dynamic caring about sensitive information with more priority, failing in which might lead to catastrophic loss of data and private information (Sangaroonsilp, Dam and Ghose 2021). Weaknesses should be mitigated and strength should be promoted for the success of ICT.

Strength and weakness

According to the above analysis, four situations are found for the implementation of PbD to manage privacy inside an ICT. The first situation leads to an offensive strategy that Formalizes the practices in designing privacy from inside of the organization, by creation of programs, procedures and routines that helps in reaching organizational goal. Certi?cations are provided in quality and privacy standards that prove the compliance with privacy (Alessi et al. 2021). The second situation leads to adapting a defensive strategy which helps in communication with data owners for PbD focuses to be adopted and its advantages on the company.  It requires performing marketing planning for communication with the data processing in terms of privacy protection. The third situation describes the reorientation of the strategy to raise the awareness of the managers to implement privacy as a part of every decision made for collection and sharing of private information and develop the same awareness between to the employees (Bednar, Spiekermann and Langheinrich 2019). There should be ample trainings and campaigns to promote and teach privacy awareness to the employees to signify the need of implementation of PbD (Dias Canedo et al. 2020).  The final situation leads to survival strategy which helps in collaboration with consultancies to provide help to the organization with privacy. Privacy risks are incorporated and assessed while risk assessment done for the company in the initial stage.

Conclusion: 

Recent developments in the Information and Communications Technologies have to the rise for need of privacy in human lives. Companies aims to access the control to private information by proposing various rules and guidelines which helps in attaining sustainable development and innovation with protection to user data. This paper briefly describes the concept of privacy in information and communications technologies and why it is an important factor for protecting data privacy. The paper briefly discusses about general data protection regulations and how PbD satisfies the sets of rules in GDPR in generation of security policies for the firm. Companies are adopting the basic properties of privacy in terms of anonymity, unlinkability, pseudonymity unobservability and undetectability. The seven principles of Program by design are briefly discussed along with its strength and weaknesses in achieving privacy for the organization. Lastly the paper concludes with the situations for implementation of the program by design by various strategies.

References: 

Alessi, A., Ciccarelli, G., Cipolli, L., Guidotti, L., Marsano, A. and Hanganu, A., 2021. Privacy by design and by default in software development in order to prevent unlawful processing of personal data. Privacy certifications impact on software development and liabilities.

Bednar, K., Spiekermann, S. and Langheinrich, M., 2019. Engineering Privacy by Design: Are engineers ready to live up to the challenge?. The Information Society, 35(3), pp.122-142.

Bennett, C.J., 2018. The European General Data Protection Regulation: An instrument for the globalization of privacy standards?. Information Polity, 23(2), pp.239-246.

Bu, F., Wang, N., Jiang, B. and Liang, H., 2020. “Privacy by Design” implementation: Information system engineers’ perspective. International Journal of Information Management, 53, p.102124.

Büscher, M., Perng, S.Y. and Liegl, M., 2019. Privacy, security, and liberty: Ict in crises. In Censorship, Surveillance, and Privacy: Concepts, Methodologies, Tools, and Applications (pp. 199-217). IGI Global.

Cavoukian, A., 2020. Understanding How to Implement Privacy by Design, One Step at a Time. IEEE Consumer Electronics Magazine, 9(2), pp.78-82.

Dias Canedo, E., Toffano Seidel Calazans, A., Toffano Seidel Masson, E., Teixeira Costa, P.H. and Lima, F., 2020. Perceptions of ICT practitioners regarding software privacy. Entropy, 22(4), p.429.

Drev, M. and Delak, B., 2021. Conceptual Model of Privacy by Design. Journal of Computer Information Systems, pp.1-8.

Gabel, A. and Schiering, I., 2018, August. Privacy Patterns for Pseudonymity. In IFIP International Summer School on Privacy and Identity Management (pp. 155-172). Springer, Cham.

Justinger, J., Heuer, T., Schiering, I. and Gerndt, R., 2019. Forgetfulness as a feature: Imitation of Human Weaknesses for Realizing Privacy Requirements. In Proceedings of Mensch und Computer 2019 (pp. 825-830).

Morales-Trujillo, M.E., Matla-Cruz, E.O., García-Mireles, G.A. and Piattini, M., 2018, April. Privacy by Design in Software Engineering: a Systematic Mapping Study. In CIbSE (pp. 107-120).

Nejad, N.M., Jabat, P., Nedelchev, R., Scerri, S. and Graux, D., 2020, September. Establishing a strong baseline for privacy policy classification. In IFIP International Conference on ICT Systems Security and Privacy Protection (pp. 370-383). Springer, Cham.

Pattakou, A., Mavroeidi, A.G., Diamantopoulou, V., Kalloniatis, C. and Gritzalis, S., 2018, August. Towards the design of usable privacy by design methodologies. In 2018 IEEE 5th International Workshop on Evolving Security & Privacy Requirements Engineering (ESPRE) (pp. 1-8). IEEE.

Poritskiy, N., Oliveira, F. and Almeida, F., 2019. The benefits and challenges of general data protection regulation for the information technology sector. Digital Policy, Regulation and Governance.  

Romanou, A., 2018. The necessity of the implementation of Privacy by Design in sectors where data protection concerns arise. Computer law & security review, 34(1), pp.99-110.

Sangaroonsilp, P., Dam, H.K. and Ghose, A., 2021. Common Privacy Weaknesses and Vulnerabilities in Software Applications. arXiv preprint arXiv:2112.13997.

Tesfay, W.B., Hofmann, P., Nakamura, T., Kiyomoto, S. and Serna, J., 2018, March. PrivacyGuide: towards an implementation of the EU GDPR on internet privacy policy evaluation. In Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics (pp. 15-21).

Vemou, K. and Karyda, M., 2018. An Evaluation Framework for Privacy Impact Assessment Methods. In MCIS (p. 5).

Zaeem, R.N. and Barber, K.S., 2020. The effect of the GDPR on privacy policies: Recent progress and future promise. ACM Transactions on Management Information Systems (TMIS), 12(1), pp.1-20.