Information and Data Privacy:

voltaireblingΔιαχείριση Δεδομένων

20 Νοε 2013 (πριν από 3 χρόνια και 6 μήνες)

72 εμφανίσεις

1

Information and Data Privacy:

An Indian Perspective


Why is this important? Public concern about
privacy.


Considerable concern in developed countries on
the issue of using a customer’s personal
information or data for intrusive and malicious
purposes.


Not much importance in developing countries
like India because of lack of awareness and also
perceptions differ.


Concept of privacy is different in different
countries and cultures.


2

Introduction


Recent advances in Data Mining enable
extraction of patterns about consumers based
on data that is available freely on the web


Extracting meaningful and useful knowledge
from consumer data is necessary to serve the
consumer better, offer better services and also in
some cases for security purposes


Also fraught with the risk of infringing on the
consumer’s individual privacy as ‘confidential’
information about a customer may be used to
discriminate against him/her.


3

Objective


Review current privacy problems


Analyze the existing or stated privacy policies of
some leading companies in India in the telecom,
banking and insurance sectors to see if they
agree and if not what are the significant
differences.


Introduce the concept of Privacy Preserving
Data Mining (PPDM) and describe the main
approaches.


Come up with a framework to suggest which
PPDM method may be applied in which domain.

4

Key Findings

Sector
\
Comp
-



pany

Airtel

Vodafone

Reliance

Telecom

Policy exists

Policy exists

Policy exists

Only company that
emphasizes on the
issue of sharing
customers’
information outside
India. Applicability
of Indian privacy
policies or laws in
other countries
where the data
may be stored is a
complex matter.

Can have security
implications.

5

Key Findings(Cont.)

Sector


Company

ICICI

HDFC

State Bank of
India (SBI)

Banking

Policy exists

Policy exists

Policy exists

May use private
data to protect
bank's interest

Does not allow
sharing
customers
confidential
information
unless
required by
law

Only bank to
have a clear
policy on how
to limit access
to customer
information by
their employees

6

Key Findings(Cont.)

Sector



Company



LIC

ICICI Lombard

HDFC
-
SL

Insurance

Policy exists

Policy exists

Policy exists

May collect
unnamed statistics
which do not
personally
identify the user.
Reserves right to
perform statistical
analyses but will
provide only
aggregated data
from these
analyses to third
parties


Log files are
analyzed so that
individual user is
not identified.





All companies can
share aggregate
data and overall
trends without
revealing individual
identity

HDFC_SL
retains the right
to share
aggegated non
-
personally
identifiable
information with
third parties.

7

Key Recommendations



Recommendations

Sector

Telecom

Data Transformation
/randomization under
PPDM approach

Banking

Secure Multiparty
computaion under
PPDM related
methods

Insurance

Vertically partitioning
the Data followed by a
simple Data
transformation

8

Recommendation Justifications


In the Telecom domain companies primarily
collect personal data on calling patterns and
conduct surveys for planning. Customers would
give share more accurate information if they
knew their privacy would be protected, therefore
Data transformation/randomization is proposed.


In Banking sector different parties wish to share
results on joint data owned by different parties
and so secure multiparty computation is
suggested.

9

Recommendation
Justifications(Cont.)


In insurance sector one has to deal with
sensitive information like private health records.


It is crucial that the personal data identifying an
individual uniquely , their medical history and
DNA sequences (if available) are stored such
that they can not be brought together by a
common user.



Vertical partitioning of the data followed by a
simple transformation of the private data is
therefore suggested.

10

Conclusion


Policies on Information sharing are inconsistent
across domains and across companies


Personal information is not always separated
from public information


Policy makers in telecom, banking and
insurance should be aware of privacy breaches
as a result of data mining on publicly available
data and therefore possible misuses.


Use of PPDM methods as suggested in
appropriate domains will ensure benefits of data
mining to reach the consumer without the
associated pitfalls