applying data privacy techniques on published data in uganda

Download Applying Data Privacy Techniques on Published Data in Uganda

Post on 18-Nov-2014

921 views

Category:

Technology

0 download

Embed Size (px)

DESCRIPTION

 

TRANSCRIPT

  • 1. Applying Data Privacy Techniques on Published Data in Uganda Kato Mivule and Claude Turner, PhD Computer Science Department Bowie State UniversityEEE12 - The 2012 International Conference on e-Learning, e-Business, Enterprise Information Systems, and e-Government Las Vegas, Nevada, USA July 16-19
  • 2. Applying Data Privacy Techniques on Published Data in UgandaAgenda Introduction Data Privacy and Security Policies Related work on data privacy in Uganda Essential data privacy terms Data privacy techniques Data privacy implementation Results Conclusion References Uganda flag and map - Image source: Wikipedia
  • 3. Applying Data Privacy Techniques on Published Data in UgandaIntroduction Higher education institutions post student admission and graduation data online. The Ugandan Electoral Commission posted the 2010 national voters register online. Uganda Bureau of Statistics publishes statistical data routinely online. Most published datasets from Uganda include personal identifiable information (PII). A growing number of young Ugandans are fans of Online Social Networks (OSN).
  • 4. Applying Data Privacy Techniques on Published Data in UgandaIntroductionExponential Data explosion in Africa: 110 million Internet users as of 2011 17 million Facebook accounts Text till you drop Campaign -Image source: Wikipedia A penetration rate of 10 percent for Internet 1.7 percent penetration rate for Facebook in Africa 500 million mobile subscriptions as of November 2010 in Africa These numbers are projected grow
  • 5. Applying Data Privacy Techniques on Published Data in UgandaIntroductionCurrent population in Africa is estimated at 1 Billion.The Mobile Phone has rightly been described by technologist Erik Hersman as Africas PC(whiteafrican.com) .
  • 6. Applying Data Privacy Techniques on Published Data in UgandaIntroduction Image source: Manypossibilities.netThe Data Privacy Problem: Africas PC.Companies like SEACOM have already completed laying their fiber optic cable to East Africa.
  • 7. Applying Data Privacy Techniques on Published Data in UgandaIntroduction Case studies on data privacy in EU and USA have been done. Case studies on data privacy in emerging markets is minimal. With a globalized economy, demands for data privacy is critical. Therefore in this paper We take a look at current data privacy and security laws in Uganda Implementation of data privacy techniques for a published Ugandan dataset Suggest how this approach may be generalized for data privacy in the country. African Savanna - Image source: Wikipedia
  • 8. Applying Data Privacy Techniques on Published Data in UgandaData Privacy and Security Policies In the USA, state and federal privacy laws require privacy of individuals be protected. The USA is the Privacy Act of 1974. Health Insurance Portability and Accountability Act (HIPAA) of 1996. The Ugandan constitution defines privacy in terms of interference, stating that: no person shall be subjected to interference with the privacy of that persons home, correspondence, communication or other property However, no precise definition is given in the context of PII, data privacy, and computer security. Kampala City - Image source: Wikipedia
  • 9. Applying Data Privacy Techniques on Published Data in UgandaData Privacy and Security Policies Ugandan Bureau of Statistics Act of 1998 describes Ugandan government policy on data collected by the Ugandan Bureau of Statistics (UBS). No policy on how non-governmental entities collect and disseminate data. PII in the Ugandan context is not mentioned. removal of identifiers is mentioned but is ambiguous. UBS Building Kampala- Image source: NBS TV UG UBS with expert care does publish de-identified micro datasets.
  • 10. Applying Data Privacy Techniques on Published Data in UgandaData Privacy and Security Policies No clear data privacy policies from: The Uganda Communications Commission (UCC). Ministry of Information and Communications Technology (ICT). The set of PII in the USA differs from that in Uganda. A Mobile Masai - Image source: Google Images There is need to expand Ugandas policy on Data Privacy. To date, no clear legal and technological data privacy framework exists in Uganda. We suggest data privacy techniques that could be utilized for basic data privacy .
  • 11. Applying Data Privacy Techniques on Published Data in UgandaRelated work on data privacy in Uganda Work on data privacy in Uganda and much of sub-Saharan Africa is sparse. Research on computer security in Uganda exists but centers on: Network security and access control. Cryptographic methodologies. Data mining but privacy preservation not discussed. Calls for electronic privacy policy in Uganda. Data privacy deals with Confidentiality. Data security deals with Accessibility. Makerere University Faculty of Computing - Image source: Newvision.co.ug
  • 12. Applying Data Privacy Techniques on Published Data in UgandaEssential data privacy termsData privacy - protection of an individuals data against unauthorized disclosure.Data security - safety of data from unauthorized access.Personally identifiable information (PII) - any identifying data about an individual.Data De-identification - PII attributes are removed from data.Data utility verses privacy - how useful a published dataset is to a user of that dataset.Privacy verses Utility - a balance between privacy and data utility is always sought.Achieving optimal data privacy while not distorting data utility is an NP-hard challenge. Ancient Nsibidi Nigerian Symbols - Image source: Wikipedia
  • 13. Applying Data Privacy Techniques on Published Data in UgandaEssential terms Statistical databases - published data sets that do not change. Attributes in statistical databases - field names or columns. PII attributes - properties that uniquely identify an individual. A San man - Image source: Wikipedia Quasi-attributes - attributes not in the PII category . Confidential attributes - not PII and quasi-attributes but contain sensitive data. Non confidential attributes - attributes that individuals do not consider sensitive. Inference and reconstruction attacks - separate pieces of data are used to derive a conclusion about a subject.
  • 14. Applying Data Privacy Techniques on Published Data in UgandaData Privacy Techniques Non-perturbative techniques original data not distorted. Perturbative techniques original data distorted. Ashante Kente wove Pattern - Image source: Wikipedia Suppression - sensitive data values that are unique are omitted. Generalization - sensitive data values are made less informative. k-anonymity - utilizes generalization, and suppression. k-anonymity requires that for a dataset with quasi-identifier attributes in database to be published, values in the quasi-identifier attributes be repeated at least k times to ensure privacy; that is, k >1. Sweeney[27]. Achieving an optimal k-anonymized dataset is still an NP-Hard challenge.
  • 15. Applying Data Privacy Techniques on Published Data in UgandaMethodology INPUT: Data from relation or schema OUTPUT: Data privacy preserving published tabular dataset Identify PII Attributes Remove PII Attributes Identify quasi-identifier attributes Generalize or Suppress quasi-identifier attributes Check that k>1 in tuples Check for single values that cannot be grouped together to achieve k>1 If single values exist, Generalize or Suppress until k-anonymity at k>1 Check for utility Publish tabular dataset
  • 16.