Minimising ID Theft when Sharing Personal Data using Pseudonymisation
ID Crime: Home Office definitions
• False ID: an invented or modified genuine identity
• ID Fraud: using someone else's ID details or a False ID to support unlawful activities, or avoiding liabilities by claiming to be an ID Fraud victim
• ID Theft: acquiring sufficient identifying information to commit ID Fraud
• ID Crime: any of the above

Essence of ID Theft: “private information collection”
• This implies ID Theft can be minimised if:
  • identifying data is difficult to guess/synthesise, and
  • identifying data is difficult to re-use

Minimising ID Theft of shared data
Complicate guessing/synthesis of identifying data:
• Complex algorithm
• Require extra information for use (e.g. expiry date, card verification code etc.)
Complicate re-use of identifying data:
• Restrict acceptable use, i.e. compartmentalise and prevent linkage
• De-sensitise the identifying data
• Constantly changing/short lifetime (e.g. always moving house, disposable email address, single-use CC number)
• Need extra data to “unlock” or validate it (e.g. encryption key or chip card PIN or biometrics/ID-card*, last bill amount, RBAC)
What exactly is pseudonymisation?

Encryption or password permission: sensitive data exposed, relationships exposed

  Credit Card #         Trans Type    Date        Amount   Name        ...
  4321-5678-9876-1234   Purchase      01-10-2002  50.00    John Smith  ...
  5678-1234-5678-5000   Purchase      05-10-2002  250.00   Jane Doe    ...
  4321-5678-9876-1234   Cash Advance  10-10-2002  1000.00  John Smith  ...

Pseudonymisation: sensitive data hidden, relationships exposed

  CC Id   Trans Type    Date        Amount   ID   ...
  444     Purchase      01-10-2002  50.00    88   ...
  555     Purchase      05-10-2002  250.00   50   ...
  444     Cash Advance  10-10-2002  1000.00  88   ...

• Link between sensitive data and pseudonym maintained (can be accessible by permission)
ID Theft and Privacy Breaches
Diagram of overlapping categories: Privacy breaches; ID Theft; Junk mail/spam. Examples shown: vocal pharmacist, court usher, doctor’s receptionist.

Privacy Enhancing Technologies (PETs), after Fischer-Hübner
• Pseudonymity: access resource/service without disclosing ID. Linkable, and ID available.
• Anonymity: access resource/service without disclosing ID. Real ID not available, may be linkable.
• Unlinkability: service usage not linkable; senders/receivers not connectable.
• Unobservability: not possible to observe someone’s access to or use of a service.

Privacy Enhancing Technologies (Fischer-Hübner), contd.
Columns: Pseudonymity, Anonymity, Unlinkability, Unobservability
• Audit/Log: log deletion
• Application: digital signatures, pseudonymisation, anonymisation, blind signatures, digital cash, steganography
• System: disk file erasing
• Communication: proxies, mix nets
Callouts: continued use of identifiable data! Business databases are here. Thwart guessers; complicate re-use.
Pseudonymisation reduces ID Theft
• Preventing linkage of business identifiers by pseudonymising identifiers differently for different uses/departments, i.e. compartmentalising
• Preventing re-use by business partners by pseudonymising data differently for each partner, i.e. compartmentalising
• Enabling disposable IDs
• Next step towards privacy-protecting data systems

The pseudonymisation leap
The next step: identifiable data → pseudonymised data
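The two points made above, that the pseudonym preserves the relationships in the table while the link back to the real value is held separately under permission, and that pseudonymising differently per department or partner prevents linkage across compartments, as an added Python example that is not the slides' or Sapior's code. It uses a keyed HMAC (the key and the compartment label are constructed for the demo) rather than any scheme the deck describes.

```python
import hmac
import hashlib

# Constructed sample records mirroring the slide's credit-card table.
TRANSACTIONS = [
    {"cc": "4321-5678-9876-1234", "type": "Purchase", "date": "01-10-2002", "amount": "50.00", "name": "John Smith"},
    {"cc": "5678-1234-5678-5000", "type": "Purchase", "date": "05-10-2002", "amount": "250.00", "name": "Jane Doe"},
    {"cc": "4321-5678-9876-1234", "type": "Cash Advance", "date": "10-10-2002", "amount": "1000.00", "name": "John Smith"},
]
SENSITIVE_FIELDS = ("cc", "name")


def pseudonym(value: str, key: bytes, compartment: str) -> str:
    """Keyed, deterministic pseudonym for one value.
    The secret key stops someone holding the pseudonymised table from confirming
    a guessed card number by hashing it (an unkeyed hash would be enumerable).
    Mixing in the compartment label gives the same value unrelated pseudonyms for
    different departments/partners, so the compartments cannot be linked."""
    mac = hmac.new(key, f"{compartment}\x00{value}".encode(), hashlib.sha256)
    return mac.hexdigest()[:12]


def pseudonymise(records, key: bytes, compartment: str):
    """Return (pseudonymised records, re-identification vault).
    The vault (field, pseudonym) -> real value is the link the slide says is kept
    and released by permission; it is stored apart from the shared records."""
    vault, out = {}, []
    for rec in records:
        shared = dict(rec)
        for field in SENSITIVE_FIELDS:
            p = pseudonym(rec[field], key, compartment)
            vault[(field, p)] = rec[field]
            shared[field] = p
        out.append(shared)
    return out, vault


def same_card_rows(records):
    """Row indices sharing a card pseudonym: relationships survive pseudonymisation."""
    groups = {}
    for i, rec in enumerate(records):
        groups.setdefault(rec["cc"], []).append(i)
    return {k: v for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    key = b"constructed-demo-key"  # in practice held in a key store, not in code
    dept_a, vault_a = pseudonymise(TRANSACTIONS, key, "dept-A")
    dept_b, _ = pseudonymise(TRANSACTIONS, key, "dept-B")
    print(same_card_rows(dept_a))                 # rows 0 and 2 still link
    print(dept_a[0]["cc"] != dept_b[0]["cc"])     # True: no cross-department linkage
    print(vault_a[("cc", dept_a[0]["cc"])])       # re-identification, by permission
```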
NHS Case Study
• Care Record Service (CRS): national database providing a live, interactive patient record service accessible 24 hours a day, seven days a week, by health professionals whether they work in hospital, primary care or community services.
• CRS Secondary Uses Service: enables investigation of trends and emerging health needs which can inform public health policy. The data extracted will provide better information to support performance improvement and assessment, clinical audit and governance, monitoring and benchmarking, surveillance, research and planning.

Diagram: Loading the Central CRS database
Components shown: Data Sources (Dept A, Dept B); Stage-1 (Encryption); Pseudonymisation; Database Loader; RDBMS; Application 1 (Dept A), Application 2 (Dept B), Application 3 (Dept B); Interactive Query; Batch Load.

Diagram: Self-service pseudonymisation
Components shown: J2EE Application Server; EJB Client; Sapior Pseudonymisation Server; Sapior API; Sapior Redbridge Managed Data Store; Network; Anonymised Data Vault; Pseudonymised Data Vault; Stage-1; Stage-3; JDBC.

Take-home Message
• If you share data and need to minimise ID Theft risk, then you must consider pseudonymisation.
• Contact: www.sapior.com, +44-(0)20-7060-2965