Unit 5

Basic Data Privacy Concepts

Data Privacy:
Data privacy, also known as information privacy, is a part of data protection that
focuses on ensuring the proper handling of data in accordance with data
protection regulations. This includes how data is collected, stored, managed, and
shared with third parties.

Elements of Data Privacy:

Data privacy consists of three key elements:
- Right to control personal data: Individuals have the right to be left alone and
have control over how their personal data is used.
- Proper handling of data: This involves establishing procedures for collecting,
processing, and sharing personal data appropriately.
- Compliance with laws: Organizations must comply with data protection laws to
ensure data is managed responsibly.

Data Privacy vs. Data Security:

- Data Privacy:
- Focuses on individuals' rights and preferences regarding their personal data,
including how it is collected, processed, shared, and archived.
- Governs how organizations handle personal data in line with legal and ethical
standards.

- Data Security:
- Involves measures to protect data from unauthorized access, alteration,
deletion, or disclosure.
 - Aims to prevent data breaches or cyber-attacks by implementing safeguards
such as access control, encryption, and network security.

In summary, data privacy emphasizes individuals' control over their personal data
and compliance with laws, while data security focuses on protecting data from
malicious attacks and unauthorized access. Both are essential for responsible data
management.

Data Privacy Attacks / Data Breaches

Data Breach:
A data breach occurs when there is a security violation where sensitive, protected,
or con dential data is accessed, copied, transmitted, viewed, or used by an
unauthorized individual.

Types of Data Breaches:

1. Stolen Information: Involves the theft of sensitive data such as credit card
numbers, customer information, trade secrets, or national security matters.
2. Ransomware: A malware attack where the attacker locks and encrypts the
victim's data, demanding a ransom for decryption.
- Infection: Ransomware is covertly downloaded and installed on the device.
- Execution: Ransomware scans and maps le locations, including locally
stored les and network systems.
- Encryption: The attacker encrypts the les and locks access to the data.
- User Noti cation: The ransomware presents a ransom note with payment
instructions.
- Cleanup: The ransomware typically deletes itself after leaving payment
instructions.
- Payment: The victim follows the payment instructions to pay the ransom.
- Decryption: If the victim pays, they may receive a decryption key, though
there's no guarantee.
fi
fi
fi
fi
fi
 3. Recording Key Strokes: Cybercriminals use keylogger malware to record
keystrokes on a computer, stealing sensitive data such as passwords and credit
card numbers.
4. Phishing: Fraudulent communications, often via email, pretending to be from
reputable sources to steal sensitive data or install malware.
5. Malware or Virus: Malicious software intended to damage or destroy computer
systems and data.
6. Distributed Denial of Service (DDoS): A DDoS attack aims to disrupt the
normal tra c of a targeted server, service, or network by ooding it with excessive
internet tra c.

These types of attacks can have serious implications for data privacy, leading to
theft or loss of sensitive information and potentially causing signi cant harm to
individuals and organizations.

Data Linkage and Pro ling

Data Linkage:
Data linking is the process of combining datasets to maximize the use of the
information they contain. By linking di erent sets of data, we can create a more
comprehensive and useful dataset.

Data Pro ling:

Data pro ling is the process of examining, understanding, and organizing data to
assess its quality and identify any issues. This helps ensure data accuracy,
consistency, and reliability.

Data pro ling techniques are grouped into three major categories:
1. Structure Discovery:
fi
fi
fi
ffi
ffi
fi
ff
fl
fi
 - Also known as structure analysis, this process validates that the data is
consistent and formatted correctly.

2. Content Discovery:
- This involves closely examining individual elements of the database to assess
data quality. It helps identify areas with null values or incorrect and ambiguous
values.

3. Relationship Discovery:
- This method seeks to understand the connections between datasets and
identify how data is being used.

Data pro ling tools help improve data quality through four main methods:

- Column Pro ling:

- This method scans a table and counts the frequency of values in each column,
revealing patterns and frequency distribution.

- Cross-Column Pro ling:

- This involves key analysis and dependency analysis:
- Key Analysis: Looks for potential primary keys in collections of attribute
values.
- Dependency Analysis: Identi es relationships or structures within a data set.

- Cross-Table Pro ling:

- Uses foreign key analysis to identify orphaned records and detect di erences in
data. This method examines the relationships of column sets across di erent
tables, reducing redundancy and identifying data sets that could be mapped
together.

- Data Rule Validation:

fi
fi
fi
fi
fi
ff
ff
 - Proactively validates that data sets conform to prede ned rules, improving data
quality. This can be achieved through batch validation or ongoing validation
services.

Privacy Policies and Their Speci cations

Privacy Policy:
A privacy policy is a legal document that explains how a party collects, uses,
discloses, and manages a customer or client's data. This policy is essential for
ensuring the privacy and protection of customer information and is often required
by law.

A privacy policy should provide the following:

1. Accessibility:
- The policy should be clear and easy to access for customers and clients.

2. Type of Data Collected:

- It should specify the types of personal and sensitive personal data collected by
the business.

3. Purpose of Collection:
- The policy should explain the purpose of collecting and using the information.

4. Disclosure of Information:
- The policy should outline how information, including sensitive personal data, is
shared.

5. Security Practices:
- The policy should detail the reasonable security measures and procedures the
organization adopts to protect the data.
fi
fi
 Elements of a Privacy Policy:

1. Consent:
- Consent is a crucial component of a privacy policy. The policy should specify
how consent for data collection and processing is obtained from customers.

2. Purpose of Information Collection:

- The policy should clearly explain why the data is collected and how it will be
used.

3. Disclosure of Information:
- It should state how and with whom the data may be shared, if applicable.

4. Security Practices:
- The policy should detail the security measures the organization uses to
safeguard customer data, such as encryption and access controls.

Privacy Policy Languages

Privacy policy languages play a signi cant role in managing privacy policies across
di erent stages, including writing, reviewing, testing, approving, issuing,
combining, analyzing, modifying, withdrawing, retrieving, and enforcing policy.

These languages were created to express the privacy controls that both
organizations and users want to convey. They were designed for speci c purposes
and have unique features and characteristics. Most of the e orts to develop these
languages have taken place in the last decade.

- In 1997, the World Wide Web Consortium (W3C) started developing the Platform
for Privacy Preferences (P3P) to express website privacy policies in a machine-
readable format.
ff
fi
ff
fi
 - Along with P3P, W3C also created the P3P Preference Exchange Language
(APPEL) in 1997. APPEL is used to express an individual's privacy preferences,
query P3P data, and make decisions accordingly.

- CPExchange (Customer Pro le Exchange) was introduced in 2000 to enable

business-to-business communication about privacy policies.

- Later, the industry recognized the need for languages that could express internal
privacy policies for organizations. In response, IBM developed the Enterprise
Privacy Authorization Language (EPAL) in 2003.

- During the same period, a consortium of organizations designed the eXtensible

Access Control Markup Language (XACML) to express both privacy and security
policies in a machine-readable format.

- Other initiatives like DPAL and XPref emerged in 2003 and 2004. Technological
advancements and the rapid adoption of pervasive computing further emphasized
the need for e ective privacy policy languages.

Privacy policy languages are generally lightweight XML markup languages

designed to be simple and concise. They are not expected to perform complex
mathematical operations or intricate ow controls.

O cial Website of Maharashtra Government Hacked :

The Maharashtra government's o cial website was allegedly hacked, prompting
the state's Information Technology department to le a formal complaint with the
ffi
ff
fi
ffi
fl
fi
city police. This marks the second hacking incident in two weeks and the fourth
since July, with the most recent attack occurring on September 5.

Joint Commissioner of Police (Crime) Rakesh Maria reported that access to the
website, www.maharashtra.gov.in, was temporarily blocked due to the hack, which
included Arabic content posted by the attacker. The IT department lodged an FIR,
and authorities are working to identify the hacker. It's suspected that an
international hacker group is responsible for all four attacks.

The website was compromised late on Monday night by a person or group using
the alias "coolhacker," who left an imprint of a hand on the website. The state's IT
department discovered the hacking on Tuesday morning and immediately
restricted access to the site.

Despite the attack, state o cials con rmed that no data was lost, and the website
did not su er signi cant damage. The site is updated daily with information on
government regulations and decisions and links to various government
departments. The hacker only managed to damage the homepage, and restoration
work is underway.

The Maharashtra government website is hosted on a VSNL server. In August, 345

Indian websites with domain extensions like .in, .co.in, and edu.in were defaced by
hackers. Since January, nearly 2,700 Indian websites have been hacked.

Online Gambling in India

Overview:
ff
fi
ffi
fi
 Recently, the Indian government has directed states to take action against outdoor
advertisements promoting online betting and gambling platforms. This directive
aligns with a previous advisory issued in June 2022, which instructed the media to
refrain from publishing such advertisements in the public interest.

Government’s Observations:
- The government noted that some betting and gambling platforms were using
outdoor media like hoardings, posters, and auto-rickshaw branding to promote
their services.
- Such advertisements were found to be misleading and not in strict adherence to
the Consumer Protection Act 2019.
- Betting and gambling are illegal in most parts of the country, posing nancial and
social risks to consumers, especially the youth and children.
- The government has objected to promoting a speci c betting platform that
appeared to violate the Copyright Act by encouraging people to watch a sports
league on its website.

What is Online Gambling?

Online gambling involves placing bets or wagers on games and events via the
internet to win money or prizes. It can be played on various devices and uses
virtual chips or digital currencies instead of cash. Types of online gambling include
casino games, sports betting, poker, and lottery.

Di erence Between Online Gaming and Gambling:

The distinction between gaming and gambling depends on the element of skill
involved. Gaming requires skill, while gambling relies on chance.

Concerns Related to Online Gambling:

- Financial and Social Issues: Online gambling can lead to addiction, resulting in
nancial and social problems.
- Unregulated: Online gambling is often unregulated, making it susceptible to
fraud.
fi
ff
fi
fi
 - Money Laundering: Online gambling can facilitate money laundering by allowing
large cash deposits and withdrawals in a legitimate form.
- Cyber-Attacks: Online gambling sites can be vulnerable to cyber-attacks, which
can compromise players' sensitive information.
- Social Isolation: Online gambling can lead to social detachment, as players
spend hours online.

Advantages of Online Gambling:

- Convenience: Online gambling is accessible from home or anywhere with an
internet connection.
- Accessibility: It is more accessible for people with disabilities or those who have
di culty leaving their homes.
- Revenue Generation: Online gambling can generate signi cant revenue for the
government through taxation and regulation.

Indian Law on Online Gambling:

- Public Gambling Act, 1867: The central law governing gambling in India is
outdated and ill-equipped to handle digital casinos and online gambling.
- State Laws: Gambling is largely a state subject, with each state regulating it
independently.
- Speci c Laws in Certain States: Some states like Goa, Sikkim, Daman,
Meghalaya, and Nagaland have speci c laws to regulate public gambling.

Way Forward:
Online gambling poses challenges that require regulatory and policy solutions to
ensure fair and responsible gambling. Given the complex legal landscape in India,
individuals should be aware of their state's laws and participate only in licensed
online gambling activities.
ffi
fi
fi
fi