SlideShare a Scribd company logo

Data security and privacy

rajab ssemwogerere
rajab ssemwogerere

In this work we highlighted some of the concepts of data privacy, techniques used in data privacy, and some techniques used in data privacy in the cloud plus some new research trends.

Education
1 of 7
Data Privacy and Security Rajab Ssemwogerere1[2019/HD05/29911U] and Wamwoyo Faruk2[2019/HD05/25248U] Department of Computer Science, Makerere University {srajab@cis.mak.ac.ug,faroukissa85@gmail.com Abstract. Data privacy is a intricate job and is tremendously becoming a major key area of research as far as information technology and cloud technologies are concerned. This is due to the fact that, data or informa- tion is massively generated from many sources (smart phones, IP cam- eras, wireless sensor networks), it’s collected, shared and disseminated in many different segments. Due to this factor, countless individuals or organizations have absconded the cloud services despite the fact of their endless fruitiness benefits. Hence data security and privacy are becoming more important for the future development and improvement of cloud technologies in the government, business and industry. Data privacy pro- tection issues are relevant to both hardware and software in the cloud architecture. This study is to review different data privacy concepts, ap- proaches / techniques of managing data privacy, data privacy techniques in the cloud and some research trends in data privacy. Keywords: Data privacy; data protection; syntactic privacy; semantic privacy. 1 Introduction In this era of many disruptive technological innovations like IoT smart projects, artificial intelligence, robotics, blockchain technology, advanced virtual reality, 3D printing etc. Our lives have gradually changed since these technologies have made things simpler. Despite the fact of the enormous benefits these technolo- gies have impacted to our communities and societies, they have also significantly impacted the users’ privacy since more and more personal data is processed, col- lected, shared and dispersed. Data like location info, personal info over social medias e.g. what’s-app and Facebook, medical data e.g. the percentage of num- ber of people who have so far being diagnosed and have been tested positive with Ebola[1]. There are different reasons as to why businesses or organization’s collect, share and distribute personal information. One of the reasons why organization’s collect data; to make informed deci- sions from this data collected, for further analysis, study and research and to also provide effective improved services. Some of the reasons why they share personal data; to meet a contractual obligation or pursue a research project but basing on some restriction’s and conditions set by the General Data Protection
2 Rajab Ssemwogerere and Wamwoyo Faruk Regulation (GDPR); individuals must be aware that their data is being shared, sharing must be secure and documented. All this is to ensure that the personal data is protected adequately and handled properly by others. However, sharing personal data has put many individuals at risk, the research community has therefore dedicated many efforts in developing appropriate defi- nitions of privacy along with data protection techniques specifically targeted to enforce them[2]. Several different definitions of data privacy and techniques have been defined over years. According to (De Capitani et al, 2012), they categorized them into two (syntactic privacy and semantic privacy). Syntactic privacy definitions capture the protection degree enjoyed by data respondants with a numerical value. And Semanti privacy definitions are based on the satisfaction of a semantic privacy requirement. The main objective of our paper is to discuss some of the concepts of data privacy, approaches / techniques of managing data privacy, data privacy techniques in the cloud and some of the research trends in data privacy. 1.1 What is Data privacy? Data privacy also known as information privacy is a branch of data security which relates to how a pierce of data is properly handled, collected, shared and used [3-5]. In commerce consumers privacy needs to be protected, in organization’s privacy entitles the application of processes, standards and laws of managing personally identifiable information[6]. 1.2 Approaches/ techniques of managing data privacy. Incorporating ‘privacy by design’ into our IT systems: Taking this ap- proach of security to your security projects through incorporating privacy and data protection from this start. Helps your organization to comply with global data privacy regulations. This can be done when; – Deploying any new IT infrastructure that stores or processes personal data. – Implementing new security policies or strategies. – Sharing any data with third parties or customers. – Using data for any analytical purposes Conducting a privacy impact assessment (PIA): A PIA is a beneficial tool used to identify and reduce the risk of poor data privacy practices in your organization. These assessments reduce your risk of mishandling personal data. Key stakeholders are involved in a PIA interview which results in identifying potential privacy problems and offers recommendations on how to address chal- lenges. Ultimately, a PIA will help an organization and security team develop better policies and systems for handling sensitive personal data. Unfortunately, managing data privacy can’t be treated as a check-box ex- ercise. Global data privacy regulations are often loosely structured and can be
Data Privacy and Security 3 interpreted in many ways. There’s no defined standard of security controls on how an organization should handle personal data and privacy. In reality, manag- ing data privacy is about creating a comprehensive governance framework that’s suited to your business alone. Demonstrating compliance with global data privacy regulations: Demon- strating compliance with global data privacy regulations is a long-term outcome of implementing the right privacy and security controls with your people, pro- cesses, governance and technology. It requires a steadfast approach to each of these areas. Unfortunately, managing data privacy can’t be treated as a check- box exercise. Global data privacy regulations are often loosely structured and can be interpreted in many ways. There’s no defined standard of security con- trols on how an organization should handle personal data and privacy. In reality, managing data privacy is about creating a comprehensive governance framework that’s suited to your business alone. Data semantic and Data syntactic techniques: Data syntactic approaches or techniques traditionally guarantee data protection preserving the truthful- ness of the released information. Semantic approaches operate in scenarios; non- interactive scenarios and interactive scenarios. They typically add noise to the released data, this agitates the original content of the dataset, thus achieving privacy at the price of truthfulness[2]. Non-interactive scenarios entail in the release of a data collection and Interactive scenario in evaluating queries over a private data collection managed by the data holder. These techniques are used to guarantee that the query results plus those collected by data recipients cannot be exploited to gain information that should be kept secret. 1.3 Data privacy techniques of managing data privacy in the cloud Encryption of data within the application: This is one technique of imple- menting data confidentiality directly by encrypting data within the application. From the end-user’s perspective, data is protected against external hackers, in- ternal attacks and phishing attacks. And from the service providers perspective, it significantly reduces their risks and this makes it a joint responsibility between them and the users[7]. Examples of cloud encryption services include; boxcryp- tor, and uSav. This technique raised two major challenges; how will the encrypted data be stored at the service provider without changing the implementation of the applications? And since many functionalities supported by application re- quire data to be in plain text form (e.g., language translation function available in Google Doc). How can such functionalities continue to be made available to the end-user, even though data is encrypted? These challenges where addressed firstly, using a variety of format preserving encryption techniques and then secondly, an extendible middleware called cloud- protect was proposed respectively. Cloudprotect enables user-driven application data to be stored on the service provider side in encrypted form, also adds an extra layer to the user data. It also transforms users’ requests to operate on the
4 Rajab Ssemwogerere and Wamwoyo Faruk encrypted data. It facilitates key management and secure sharing of encrypted data. Fig. 1. Figure 1 illustrating a right scale of the 2018 state of the cloud report User Authentication technique: Only allows access to your data stored in the cloud to only authorized persons, making it crucial to restrict as well as monitor the one who accesses the company’s data. For the purpose of user au- thentication, organizations should be able to see data access logs and audit trails to permit only authorized users to view the data. These access logs and audit trails also have to be protected against threats and managed till the company requires it. Cryptography technique: This technique can achieve confidentiality of data of information using three different types of algorithms. They include symmetric- key, Asymmetric-key and Hashing algorithms. Symmetric key algorithms use the same cryptographic keys for both encryp- tion of plaintext and decryption of ciphertext. Using the same key for both encryption and decryption is a major drawback of symmetric key algorithms. These algorithms are also primarily used for the bulk encryption of data or data streams. Once data is encrypted with a given key, there is no fast way to de- crypt the data without possessing the same key. These algorithms are divided into block and stream algorithms. Block algorithms encrypt a data block (many bytes) at a time, while stream algorithms encrypt byte by byte. Asymmetric key algorithms are a newer version of Symmetric key algorithms. Its secret key is divided into a public and private key. This algorithm uses a pair of public key and a private key to encrypt and decrypt messages when com-
Data Privacy and Security 5 municating. The public key can be given to anyone, trusted or not, while the private key must be kept secret. This algorithm provides both authentication and confidentiality. A public key is made freely available to anyone who might want to send you a message. The second private key is kept a secret so that you can only know what is contained inside that message. Hashing algorithms just ensure integrity of data. Using secured protocols like the HTTPS: These good protocols provide data confidentiality but don’t guarantee data integrity[8]. HTTP stands for hy- pertext transfer protocol. HTTPS (hypertext transfer protocol secure) is an ex- tension of the HTTP. widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) which is the prede- cessor of the Secure Sockets Layer (SSL). The HTTPS does authentication of the accessed website, protection of the privacy and integrity of the exchanged data. It also protects against theman-in-the-middle attacks likely to happen when a company is deployed under the public cloud, whose infrastructure is completely managed by the third party called the service provider. HTTPS creates a secure channel over an insecure network against man-in-the-middle attacks. VPN (Virtual Private Network): VPN provides a secure communication. Many Cloud service providers offer VPNs to offer protection between user con- nection to the internet and across the internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. VPN can’t completely make cloud platforms completely secure, but they increase data privacy and security. Secure VPN protocols include; internet protocol security (IPsec), Transport Layer Se- curity (SSL/TLS), Datagram Transport Layer Security (DTLS) and many more, they provide data confidentiality, data authentication and data integrity. 1.4 Some research trends in data privacy. Data privacy issues are a major concept especially in cloud platforms, moti- vating some companies to build their own clouds to escape these issues[9]. The introduction of cloud computing has brought a number of risks, opportunities and possibilities for the new innovations. Under these research trends in data privacy, we will focus on some of the relevant future solutions or developments that have been developed and their long-term effects. Common security issues around cloud computing are divided into four main categories[10], cloud infras- tructure, data, access and compliance. Our major focus is data privacy, looking at data integrity, data lock in, data remanence, provenance, data confidentiality and user privacy specific concerns. Authentication and identity management: Users can easily access their personal information and make it available to various services across the Internet using an identity management (IDM) mechanism, it can authenticate users and
6 Rajab Ssemwogerere and Wamwoyo Faruk services based on their credentials and characteristics. The existing password- based authentication systems have a limitation and poses significant risks. But an IDM based system protects private and sensitive data or information related to users and processes[9]. Access control and accounting: Access control services should be flexible enough to capture dynamic, context, or attribute-or credential-based access re- quirements and to enforce the principle of least privilege. Such access control ser- vices might need to integrate privacy-protection requirements expressed through complex rules. It’s important that access control system employed in clouds is easily managed and its privilege distribution is administered efficiently[9]. Consumer activism: Consumer awareness and involvement will create more meaning about data privacy, how it has been or will be applied and implemented in the future research trends. Consumers will become more eager to know how organizations or companies got their data i.e. how a consumer’s email has been compromised to start receiving spam emails. Data breaches and data misuse court cases have all eroded the trust that individuals place in for-profit and non- profit entities. I firmly believe that this damage can be repaired, but it will take work on the part of organizations to win trust through transparency. Ethical questions around automation: Data privacy around the automated disruptive technologies like IOT, mobile and wearable devices combined with machine learning and artificial intelligence is still encountering difficulties. In a way that some organizations are still profiting from the use of a person’s infor- mation i.e. Facebook. Secondly, an ethical dilemma around anonymized data i.e. wearable health devices that track data patterns of individuals healthy activity pattern, these results are analyzed anonymously by healthcare researchers using AI. If one of these researchers finds a correlation between a certain reading and a healthcare risk, is there an ethical obligation to then inform users who exhibit this pattern? But of course, if the data is all anonymized, this should not be possible. 1.5 Conclusion Data Privacy is a heterogenous term subjected to several definitions. Different data definitions have been defined to clarify this term. In this paper, we first defined the definition of privacy, explained Data privacy techniques of managing data privacy in the cloud and then lastly, we discussed some of the future and research trends in data privacy which provides the basis for the development of the innovation strategy and future orientation.
Data Privacy and Security 7 References 1. S. I. Okware et al., ”Managing Ebola from rural to urban slum settings: experiences from Uganda,” African health sciences, vol. 15, no. 1, pp. 312-321, 2015. 2. S. De Capitani Di Vimercati, S. Foresti, G. Livraga, and P. Samarati, ”Data privacy: definitions and techniques,” International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, vol. 20, no. 06, pp. 793-817, 2012. 3. D. E. Robling Denning, Cryptography and data security. Addison-Wesley Longman Publishing Co., Inc., 1982. 4. V. Diamantopoulou, A. Tsohou, and M. Karyda, ”General Data Protection Reg- ulation and ISO/IEC 27001: 2013: Synergies of Activities Towards Organisations’ Compliance,” in International Conference on Trust and Privacy in Digital Business, 2019: Springer, pp. 94-109. 5. M. Li, W. Lou, and K. Ren, ”Data security and privacy in wireless body area networks,” IEEE Wireless communications, vol. 17, no. 1, pp. 51-58, 2010. 6. Y. Sun, J. Zhang, Y. Xiong, and G. Zhu, ”Data security and privacy in cloud computing,” International Journal of Distributed Sensor Networks, vol. 10, no. 7, p. 190903, 2014. 7. M. H. Diallo, B. Hore, E.-C. Chang, S. Mehrotra, and N. Venkatasubramanian, ”Cloudprotect: managing data privacy in cloud applications,” in 2012 IEEE Fifth International Conference on Cloud Computing, 2012: IEEE, pp. 303-310. 8. M. Y. Pandith, ”Data security and privacy concerns in cloud computing,” Internet of Things and Cloud Computing, vol. 2, no. 2, pp. 6-11, 2014. 9. J. Sen, ”Security and privacy issues in cloud computing,” in Cloud Technology: Concepts, Methodologies, Tools, and Applications: IGI Global, 2015, pp. 1585-1630. 10. S. Sengupta, V. Kaulgud, and V. S. Sharma, ”Cloud computing security–trends and research directions,” in 2011 IEEE World Congress on Services, 2011: IEEE, pp. 524-531.

Recommended

The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI Webinar
Eryk Budi Pratama
 
Personal Data Protection in Indonesia
Personal Data Protection in IndonesiaPersonal Data Protection in Indonesia
Personal Data Protection in Indonesia
Eryk Budi Pratama
 
Cloud Compliance Auditing - Closer 2011
Cloud Compliance Auditing - Closer 2011Cloud Compliance Auditing - Closer 2011
Cloud Compliance Auditing - Closer 2011
Jonathan Sinclair
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykData Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Eryk Budi Pratama
 
Cybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber SecurityCybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber Security
Eryk Budi Pratama
 
Cloud and Data Privacy
Cloud and Data PrivacyCloud and Data Privacy
Cloud and Data Privacy
Maganathin Veeraragaloo
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA ID
Eryk Budi Pratama
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive data
Ulf Mattsson
 

Recommended

The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI Webinar
Eryk Budi Pratama
 
Personal Data Protection in Indonesia
Personal Data Protection in IndonesiaPersonal Data Protection in Indonesia
Personal Data Protection in Indonesia
Eryk Budi Pratama
 
Cloud Compliance Auditing - Closer 2011
Cloud Compliance Auditing - Closer 2011Cloud Compliance Auditing - Closer 2011
Cloud Compliance Auditing - Closer 2011
Jonathan Sinclair
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykData Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Eryk Budi Pratama
 
Cybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber SecurityCybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber Security
Eryk Budi Pratama
 
Cloud and Data Privacy
Cloud and Data PrivacyCloud and Data Privacy
Cloud and Data Privacy
Maganathin Veeraragaloo
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA ID
Eryk Budi Pratama
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive data
Ulf Mattsson
 
Cloud Audit and Compliance
Cloud Audit and ComplianceCloud Audit and Compliance
Cloud Audit and Compliance
Quadrisk
 
Common Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementCommon Practice in Data Privacy Program Management
Common Practice in Data Privacy Program Management
Eryk Budi Pratama
 
Cloud Auditing
Cloud AuditingCloud Auditing
Cloud Auditing
Jonathan Sinclair
 
Cyber Resilience - Welcoming New Normal - Eryk
Cyber Resilience - Welcoming New Normal - ErykCyber Resilience - Welcoming New Normal - Eryk
Cyber Resilience - Welcoming New Normal - Eryk
Eryk Budi Pratama
 
Guardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsGuardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & Analytics
Eryk Budi Pratama
 
Urgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiUrgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data Pribadi
Eryk Budi Pratama
 
Data Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Data Protection Indonesia: Basic Regulation and Technical Aspects_ErykData Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Data Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Eryk Budi Pratama
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law
Priyanka Aash
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas Company
Eryk Budi Pratama
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Frank Dawson
 
May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...
Ulf Mattsson
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
Eryk Budi Pratama
 
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianHow to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
PECB
 
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET Journal
 
Teleran Data Protection - Addressing 5 Critical GDPR Requirements
Teleran Data Protection - Addressing 5 Critical GDPR RequirementsTeleran Data Protection - Addressing 5 Critical GDPR Requirements
Teleran Data Protection - Addressing 5 Critical GDPR Requirements
Chris Doolittle
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
Kimberly Simon MBA
 
Impact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A SecurityImpact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A Security
EQS Group
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniques
Ulf Mattsson
 
Data Security
Data SecurityData Security
Data Security
ankita_kashyap
 
Teradata's approach to addressing GDPR
Teradata's approach to addressing GDPRTeradata's approach to addressing GDPR
Teradata's approach to addressing GDPR
Paul O'Carroll
 
Information security
Information securityInformation security
Information security
Sanjay Tiwari
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Sirius
 

More Related Content

What's hot

Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Frank Dawson
 
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianHow to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
PECB
 

What's hot (20)

Cloud Audit and Compliance
Cloud Audit and ComplianceCloud Audit and Compliance
Cloud Audit and Compliance
 
Common Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementCommon Practice in Data Privacy Program Management
Common Practice in Data Privacy Program Management
 
Cloud Auditing
Cloud AuditingCloud Auditing
Cloud Auditing
 
Cyber Resilience - Welcoming New Normal - Eryk
Cyber Resilience - Welcoming New Normal - ErykCyber Resilience - Welcoming New Normal - Eryk
Cyber Resilience - Welcoming New Normal - Eryk
 
Guardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsGuardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & Analytics
 
Urgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiUrgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data Pribadi
 
Data Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Data Protection Indonesia: Basic Regulation and Technical Aspects_ErykData Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Data Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas Company
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
 
May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
 
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianHow to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
 
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
 
Teleran Data Protection - Addressing 5 Critical GDPR Requirements
Teleran Data Protection - Addressing 5 Critical GDPR RequirementsTeleran Data Protection - Addressing 5 Critical GDPR Requirements
Teleran Data Protection - Addressing 5 Critical GDPR Requirements
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
Impact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A SecurityImpact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A Security
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniques
 
Data Security
Data SecurityData Security
Data Security
 
Teradata's approach to addressing GDPR
Teradata's approach to addressing GDPRTeradata's approach to addressing GDPR
Teradata's approach to addressing GDPR
 

Similar to Data security and privacy

Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Sirius
 
Database Security—Concepts,Approaches, and ChallengesElisa
Database Security—Concepts,Approaches, and ChallengesElisaDatabase Security—Concepts,Approaches, and ChallengesElisa
Database Security—Concepts,Approaches, and ChallengesElisa
OllieShoresna
 
Module 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancemModule 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancem
IlonaThornburg83
 
Security and Privacy of Big Data in Mobile Devices
Security and Privacy of Big Data in Mobile DevicesSecurity and Privacy of Big Data in Mobile Devices
Security and Privacy of Big Data in Mobile Devices
IOSRjournaljce
 
Information System Security Policy Studies as a Form of Company Privacy Prote...
Information System Security Policy Studies as a Form of Company Privacy Prote...Information System Security Policy Studies as a Form of Company Privacy Prote...
Information System Security Policy Studies as a Form of Company Privacy Prote...
Editor IJCATR
 
Isaca global journal - choosing the most appropriate data security solution ...
Isaca global journal - choosing the most appropriate data security solution ...Isaca global journal - choosing the most appropriate data security solution ...
Isaca global journal - choosing the most appropriate data security solution ...
Ulf Mattsson
 
Opteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdf
Opteamix LLC
 
10.1.1.436.3364.pdf
10.1.1.436.3364.pdf10.1.1.436.3364.pdf
10.1.1.436.3364.pdf
mistryritesh
 
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
Ulf Mattsson
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security
madunix
 

Similar to Data security and privacy (20)

Information security
Information securityInformation security
Information security
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
 
Big data security
Big data securityBig data security
Big data security
 
Big data security
Big data securityBig data security
Big data security
 
Database Security—Concepts,Approaches, and ChallengesElisa
Database Security—Concepts,Approaches, and ChallengesElisaDatabase Security—Concepts,Approaches, and ChallengesElisa
Database Security—Concepts,Approaches, and ChallengesElisa
 
Module 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancemModule 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancem
 
Ib3514141422
Ib3514141422Ib3514141422
Ib3514141422
 
Security and Privacy of Big Data in Mobile Devices
Security and Privacy of Big Data in Mobile DevicesSecurity and Privacy of Big Data in Mobile Devices
Security and Privacy of Big Data in Mobile Devices
 
Information System Security Policy Studies as a Form of Company Privacy Prote...
Information System Security Policy Studies as a Form of Company Privacy Prote...Information System Security Policy Studies as a Form of Company Privacy Prote...
Information System Security Policy Studies as a Form of Company Privacy Prote...
 
Article - 10 best data compliance practices .pdf
Article - 10 best data compliance practices .pdfArticle - 10 best data compliance practices .pdf
Article - 10 best data compliance practices .pdf
 
Data Privacy in the Cloud.pdf
Data Privacy in the Cloud.pdfData Privacy in the Cloud.pdf
Data Privacy in the Cloud.pdf
 
Isaca global journal - choosing the most appropriate data security solution ...
Isaca global journal - choosing the most appropriate data security solution ...Isaca global journal - choosing the most appropriate data security solution ...
Isaca global journal - choosing the most appropriate data security solution ...
 
Bridging the Data Security Gap
Bridging the Data Security GapBridging the Data Security Gap
Bridging the Data Security Gap
 
Opteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdf
 
Big Data: Privacy and Security Aspects
Big Data: Privacy and Security AspectsBig Data: Privacy and Security Aspects
Big Data: Privacy and Security Aspects
 
10.1.1.436.3364.pdf
10.1.1.436.3364.pdf10.1.1.436.3364.pdf
10.1.1.436.3364.pdf
 
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
 
Target Unncryption Case Study
Target Unncryption Case StudyTarget Unncryption Case Study
Target Unncryption Case Study
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security
 
Encrypt-Everything-eB.pdf
Encrypt-Everything-eB.pdfEncrypt-Everything-eB.pdf
Encrypt-Everything-eB.pdf
 

More from rajab ssemwogerere

More from rajab ssemwogerere (6)

Presentation machine learning
Presentation machine learningPresentation machine learning
Presentation machine learning
 
Define cancer treatment using knn and naive bayes algorithms
Define cancer treatment using knn and naive bayes algorithmsDefine cancer treatment using knn and naive bayes algorithms
Define cancer treatment using knn and naive bayes algorithms
 
Evaluate procedures
Evaluate proceduresEvaluate procedures
Evaluate procedures
 
Access control data security
Access control data securityAccess control data security
Access control data security
 
Application virtualization
Application virtualizationApplication virtualization
Application virtualization
 
Map reduce presentation
Map reduce presentationMap reduce presentation
Map reduce presentation
 

Recently uploaded

Introduction to Quality Improvement Essentials
Introduction to Quality Improvement EssentialsIntroduction to Quality Improvement Essentials
Introduction to Quality Improvement Essentials
Excellence Foundation for South Sudan
 
Additional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdfAdditional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdf
joachimlavalley1
 
Industrial Training Report- AKTU Industrial Training Report
Industrial Training Report- AKTU Industrial Training ReportIndustrial Training Report- AKTU Industrial Training Report
Industrial Training Report- AKTU Industrial Training Report
Avinash Rai
 

Recently uploaded (20)

Benefits and Challenges of Using Open Educational Resources
Benefits and Challenges of Using Open Educational ResourcesBenefits and Challenges of Using Open Educational Resources
Benefits and Challenges of Using Open Educational Resources
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
B.ed spl. HI pdusu exam paper-2023-24.pdf
B.ed spl. HI pdusu exam paper-2023-24.pdfB.ed spl. HI pdusu exam paper-2023-24.pdf
B.ed spl. HI pdusu exam paper-2023-24.pdf
 
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptxMARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
 
Introduction to Quality Improvement Essentials
Introduction to Quality Improvement EssentialsIntroduction to Quality Improvement Essentials
Introduction to Quality Improvement Essentials
 
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdfINU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
 
Danh sách HSG Bộ môn cấp trường - Cấp THPT.pdf
Danh sách HSG Bộ môn cấp trường - Cấp THPT.pdfDanh sách HSG Bộ môn cấp trường - Cấp THPT.pdf
Danh sách HSG Bộ môn cấp trường - Cấp THPT.pdf
 
size separation d pharm 1st year pharmaceutics
size separation d pharm 1st year pharmaceuticssize separation d pharm 1st year pharmaceutics
size separation d pharm 1st year pharmaceutics
 
Additional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdfAdditional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdf
 
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxStudents, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
 
How to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERPHow to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERP
 
Open Educational Resources Primer PowerPoint
Open Educational Resources Primer PowerPointOpen Educational Resources Primer PowerPoint
Open Educational Resources Primer PowerPoint
 
PART A. Introduction to Costumer Service
PART A. Introduction to Costumer ServicePART A. Introduction to Costumer Service
PART A. Introduction to Costumer Service
 
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
 
Industrial Training Report- AKTU Industrial Training Report
Industrial Training Report- AKTU Industrial Training ReportIndustrial Training Report- AKTU Industrial Training Report
Industrial Training Report- AKTU Industrial Training Report
 
NCERT Solutions Power Sharing Class 10 Notes pdf
NCERT Solutions Power Sharing Class 10 Notes pdfNCERT Solutions Power Sharing Class 10 Notes pdf
NCERT Solutions Power Sharing Class 10 Notes pdf
 
Gyanartha SciBizTech Quiz slideshare.pptx
Gyanartha SciBizTech Quiz slideshare.pptxGyanartha SciBizTech Quiz slideshare.pptx
Gyanartha SciBizTech Quiz slideshare.pptx
 
The Last Leaf, a short story by O. Henry
The Last Leaf, a short story by O. HenryThe Last Leaf, a short story by O. Henry
The Last Leaf, a short story by O. Henry
 
How to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS ModuleHow to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS Module
 
Application of Matrices in real life. Presentation on application of matrices
Application of Matrices in real life. Presentation on application of matricesApplication of Matrices in real life. Presentation on application of matrices
Application of Matrices in real life. Presentation on application of matrices
 

Data security and privacy

  • 1. Data Privacy and Security Rajab Ssemwogerere1[2019/HD05/29911U] and Wamwoyo Faruk2[2019/HD05/25248U] Department of Computer Science, Makerere University {srajab@cis.mak.ac.ug,faroukissa85@gmail.com Abstract. Data privacy is a intricate job and is tremendously becoming a major key area of research as far as information technology and cloud technologies are concerned. This is due to the fact that, data or informa- tion is massively generated from many sources (smart phones, IP cam- eras, wireless sensor networks), it’s collected, shared and disseminated in many different segments. Due to this factor, countless individuals or organizations have absconded the cloud services despite the fact of their endless fruitiness benefits. Hence data security and privacy are becoming more important for the future development and improvement of cloud technologies in the government, business and industry. Data privacy pro- tection issues are relevant to both hardware and software in the cloud architecture. This study is to review different data privacy concepts, ap- proaches / techniques of managing data privacy, data privacy techniques in the cloud and some research trends in data privacy. Keywords: Data privacy; data protection; syntactic privacy; semantic privacy. 1 Introduction In this era of many disruptive technological innovations like IoT smart projects, artificial intelligence, robotics, blockchain technology, advanced virtual reality, 3D printing etc. Our lives have gradually changed since these technologies have made things simpler. Despite the fact of the enormous benefits these technolo- gies have impacted to our communities and societies, they have also significantly impacted the users’ privacy since more and more personal data is processed, col- lected, shared and dispersed. Data like location info, personal info over social medias e.g. what’s-app and Facebook, medical data e.g. the percentage of num- ber of people who have so far being diagnosed and have been tested positive with Ebola[1]. There are different reasons as to why businesses or organization’s collect, share and distribute personal information. One of the reasons why organization’s collect data; to make informed deci- sions from this data collected, for further analysis, study and research and to also provide effective improved services. Some of the reasons why they share personal data; to meet a contractual obligation or pursue a research project but basing on some restriction’s and conditions set by the General Data Protection
  • 2. 2 Rajab Ssemwogerere and Wamwoyo Faruk Regulation (GDPR); individuals must be aware that their data is being shared, sharing must be secure and documented. All this is to ensure that the personal data is protected adequately and handled properly by others. However, sharing personal data has put many individuals at risk, the research community has therefore dedicated many efforts in developing appropriate defi- nitions of privacy along with data protection techniques specifically targeted to enforce them[2]. Several different definitions of data privacy and techniques have been defined over years. According to (De Capitani et al, 2012), they categorized them into two (syntactic privacy and semantic privacy). Syntactic privacy definitions capture the protection degree enjoyed by data respondants with a numerical value. And Semanti privacy definitions are based on the satisfaction of a semantic privacy requirement. The main objective of our paper is to discuss some of the concepts of data privacy, approaches / techniques of managing data privacy, data privacy techniques in the cloud and some of the research trends in data privacy. 1.1 What is Data privacy? Data privacy also known as information privacy is a branch of data security which relates to how a pierce of data is properly handled, collected, shared and used [3-5]. In commerce consumers privacy needs to be protected, in organization’s privacy entitles the application of processes, standards and laws of managing personally identifiable information[6]. 1.2 Approaches/ techniques of managing data privacy. Incorporating ‘privacy by design’ into our IT systems: Taking this ap- proach of security to your security projects through incorporating privacy and data protection from this start. Helps your organization to comply with global data privacy regulations. This can be done when; – Deploying any new IT infrastructure that stores or processes personal data. – Implementing new security policies or strategies. – Sharing any data with third parties or customers. – Using data for any analytical purposes Conducting a privacy impact assessment (PIA): A PIA is a beneficial tool used to identify and reduce the risk of poor data privacy practices in your organization. These assessments reduce your risk of mishandling personal data. Key stakeholders are involved in a PIA interview which results in identifying potential privacy problems and offers recommendations on how to address chal- lenges. Ultimately, a PIA will help an organization and security team develop better policies and systems for handling sensitive personal data. Unfortunately, managing data privacy can’t be treated as a check-box ex- ercise. Global data privacy regulations are often loosely structured and can be
  • 3. Data Privacy and Security 3 interpreted in many ways. There’s no defined standard of security controls on how an organization should handle personal data and privacy. In reality, manag- ing data privacy is about creating a comprehensive governance framework that’s suited to your business alone. Demonstrating compliance with global data privacy regulations: Demon- strating compliance with global data privacy regulations is a long-term outcome of implementing the right privacy and security controls with your people, pro- cesses, governance and technology. It requires a steadfast approach to each of these areas. Unfortunately, managing data privacy can’t be treated as a check- box exercise. Global data privacy regulations are often loosely structured and can be interpreted in many ways. There’s no defined standard of security con- trols on how an organization should handle personal data and privacy. In reality, managing data privacy is about creating a comprehensive governance framework that’s suited to your business alone. Data semantic and Data syntactic techniques: Data syntactic approaches or techniques traditionally guarantee data protection preserving the truthful- ness of the released information. Semantic approaches operate in scenarios; non- interactive scenarios and interactive scenarios. They typically add noise to the released data, this agitates the original content of the dataset, thus achieving privacy at the price of truthfulness[2]. Non-interactive scenarios entail in the release of a data collection and Interactive scenario in evaluating queries over a private data collection managed by the data holder. These techniques are used to guarantee that the query results plus those collected by data recipients cannot be exploited to gain information that should be kept secret. 1.3 Data privacy techniques of managing data privacy in the cloud Encryption of data within the application: This is one technique of imple- menting data confidentiality directly by encrypting data within the application. From the end-user’s perspective, data is protected against external hackers, in- ternal attacks and phishing attacks. And from the service providers perspective, it significantly reduces their risks and this makes it a joint responsibility between them and the users[7]. Examples of cloud encryption services include; boxcryp- tor, and uSav. This technique raised two major challenges; how will the encrypted data be stored at the service provider without changing the implementation of the applications? And since many functionalities supported by application re- quire data to be in plain text form (e.g., language translation function available in Google Doc). How can such functionalities continue to be made available to the end-user, even though data is encrypted? These challenges where addressed firstly, using a variety of format preserving encryption techniques and then secondly, an extendible middleware called cloud- protect was proposed respectively. Cloudprotect enables user-driven application data to be stored on the service provider side in encrypted form, also adds an extra layer to the user data. It also transforms users’ requests to operate on the
  • 4. 4 Rajab Ssemwogerere and Wamwoyo Faruk encrypted data. It facilitates key management and secure sharing of encrypted data. Fig. 1. Figure 1 illustrating a right scale of the 2018 state of the cloud report User Authentication technique: Only allows access to your data stored in the cloud to only authorized persons, making it crucial to restrict as well as monitor the one who accesses the company’s data. For the purpose of user au- thentication, organizations should be able to see data access logs and audit trails to permit only authorized users to view the data. These access logs and audit trails also have to be protected against threats and managed till the company requires it. Cryptography technique: This technique can achieve confidentiality of data of information using three different types of algorithms. They include symmetric- key, Asymmetric-key and Hashing algorithms. Symmetric key algorithms use the same cryptographic keys for both encryp- tion of plaintext and decryption of ciphertext. Using the same key for both encryption and decryption is a major drawback of symmetric key algorithms. These algorithms are also primarily used for the bulk encryption of data or data streams. Once data is encrypted with a given key, there is no fast way to de- crypt the data without possessing the same key. These algorithms are divided into block and stream algorithms. Block algorithms encrypt a data block (many bytes) at a time, while stream algorithms encrypt byte by byte. Asymmetric key algorithms are a newer version of Symmetric key algorithms. Its secret key is divided into a public and private key. This algorithm uses a pair of public key and a private key to encrypt and decrypt messages when com-
  • 5. Data Privacy and Security 5 municating. The public key can be given to anyone, trusted or not, while the private key must be kept secret. This algorithm provides both authentication and confidentiality. A public key is made freely available to anyone who might want to send you a message. The second private key is kept a secret so that you can only know what is contained inside that message. Hashing algorithms just ensure integrity of data. Using secured protocols like the HTTPS: These good protocols provide data confidentiality but don’t guarantee data integrity[8]. HTTP stands for hy- pertext transfer protocol. HTTPS (hypertext transfer protocol secure) is an ex- tension of the HTTP. widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) which is the prede- cessor of the Secure Sockets Layer (SSL). The HTTPS does authentication of the accessed website, protection of the privacy and integrity of the exchanged data. It also protects against theman-in-the-middle attacks likely to happen when a company is deployed under the public cloud, whose infrastructure is completely managed by the third party called the service provider. HTTPS creates a secure channel over an insecure network against man-in-the-middle attacks. VPN (Virtual Private Network): VPN provides a secure communication. Many Cloud service providers offer VPNs to offer protection between user con- nection to the internet and across the internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. VPN can’t completely make cloud platforms completely secure, but they increase data privacy and security. Secure VPN protocols include; internet protocol security (IPsec), Transport Layer Se- curity (SSL/TLS), Datagram Transport Layer Security (DTLS) and many more, they provide data confidentiality, data authentication and data integrity. 1.4 Some research trends in data privacy. Data privacy issues are a major concept especially in cloud platforms, moti- vating some companies to build their own clouds to escape these issues[9]. The introduction of cloud computing has brought a number of risks, opportunities and possibilities for the new innovations. Under these research trends in data privacy, we will focus on some of the relevant future solutions or developments that have been developed and their long-term effects. Common security issues around cloud computing are divided into four main categories[10], cloud infras- tructure, data, access and compliance. Our major focus is data privacy, looking at data integrity, data lock in, data remanence, provenance, data confidentiality and user privacy specific concerns. Authentication and identity management: Users can easily access their personal information and make it available to various services across the Internet using an identity management (IDM) mechanism, it can authenticate users and
  • 6. 6 Rajab Ssemwogerere and Wamwoyo Faruk services based on their credentials and characteristics. The existing password- based authentication systems have a limitation and poses significant risks. But an IDM based system protects private and sensitive data or information related to users and processes[9]. Access control and accounting: Access control services should be flexible enough to capture dynamic, context, or attribute-or credential-based access re- quirements and to enforce the principle of least privilege. Such access control ser- vices might need to integrate privacy-protection requirements expressed through complex rules. It’s important that access control system employed in clouds is easily managed and its privilege distribution is administered efficiently[9]. Consumer activism: Consumer awareness and involvement will create more meaning about data privacy, how it has been or will be applied and implemented in the future research trends. Consumers will become more eager to know how organizations or companies got their data i.e. how a consumer’s email has been compromised to start receiving spam emails. Data breaches and data misuse court cases have all eroded the trust that individuals place in for-profit and non- profit entities. I firmly believe that this damage can be repaired, but it will take work on the part of organizations to win trust through transparency. Ethical questions around automation: Data privacy around the automated disruptive technologies like IOT, mobile and wearable devices combined with machine learning and artificial intelligence is still encountering difficulties. In a way that some organizations are still profiting from the use of a person’s infor- mation i.e. Facebook. Secondly, an ethical dilemma around anonymized data i.e. wearable health devices that track data patterns of individuals healthy activity pattern, these results are analyzed anonymously by healthcare researchers using AI. If one of these researchers finds a correlation between a certain reading and a healthcare risk, is there an ethical obligation to then inform users who exhibit this pattern? But of course, if the data is all anonymized, this should not be possible. 1.5 Conclusion Data Privacy is a heterogenous term subjected to several definitions. Different data definitions have been defined to clarify this term. In this paper, we first defined the definition of privacy, explained Data privacy techniques of managing data privacy in the cloud and then lastly, we discussed some of the future and research trends in data privacy which provides the basis for the development of the innovation strategy and future orientation.
  • 7. Data Privacy and Security 7 References 1. S. I. Okware et al., ”Managing Ebola from rural to urban slum settings: experiences from Uganda,” African health sciences, vol. 15, no. 1, pp. 312-321, 2015. 2. S. De Capitani Di Vimercati, S. Foresti, G. Livraga, and P. Samarati, ”Data privacy: definitions and techniques,” International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, vol. 20, no. 06, pp. 793-817, 2012. 3. D. E. Robling Denning, Cryptography and data security. Addison-Wesley Longman Publishing Co., Inc., 1982. 4. V. Diamantopoulou, A. Tsohou, and M. Karyda, ”General Data Protection Reg- ulation and ISO/IEC 27001: 2013: Synergies of Activities Towards Organisations’ Compliance,” in International Conference on Trust and Privacy in Digital Business, 2019: Springer, pp. 94-109. 5. M. Li, W. Lou, and K. Ren, ”Data security and privacy in wireless body area networks,” IEEE Wireless communications, vol. 17, no. 1, pp. 51-58, 2010. 6. Y. Sun, J. Zhang, Y. Xiong, and G. Zhu, ”Data security and privacy in cloud computing,” International Journal of Distributed Sensor Networks, vol. 10, no. 7, p. 190903, 2014. 7. M. H. Diallo, B. Hore, E.-C. Chang, S. Mehrotra, and N. Venkatasubramanian, ”Cloudprotect: managing data privacy in cloud applications,” in 2012 IEEE Fifth International Conference on Cloud Computing, 2012: IEEE, pp. 303-310. 8. M. Y. Pandith, ”Data security and privacy concerns in cloud computing,” Internet of Things and Cloud Computing, vol. 2, no. 2, pp. 6-11, 2014. 9. J. Sen, ”Security and privacy issues in cloud computing,” in Cloud Technology: Concepts, Methodologies, Tools, and Applications: IGI Global, 2015, pp. 1585-1630. 10. S. Sengupta, V. Kaulgud, and V. S. Sharma, ”Cloud computing security–trends and research directions,” in 2011 IEEE World Congress on Services, 2011: IEEE, pp. 524-531.