Privacy & Security
Maintaining user privacy and the security of systems that process—i.e., collect, store, use, and disseminate—personal data is a fundamental concern for ID systems as discussed in Section II. Assess Risks. In addition to adhering to international data protection and privacy principles in the development of the legal framework, privacy-enhancing technologies (PETs) and security measures should be built into every aspect of the ID system—that is, privacy assurance must become an organizational norm.
Achieving this goal can be done through adopting a “privacy-and-security-by-design” approach—first conceptualized by Anne Cavoukian as “Privacy-by-Design” or PbD (Cavoukian 2011)—that adheres to the principles enumerated in Box 18.
Box 18. Foundational Principles of Privacy by Design (PbD)
Source: Cavoukian (2011).
As shown in Figure 12, the privacy-and-security-by-design approach embodies a number of global standards and principles on privacy and data protection that have been developed over the past few decades, including those discussed in Section III. Legal Framework.
Figure 12. Privacy frameworks for personal data
Source: Privacy by Design: Current Practices in Estonia, India, and Austria. For details on privacy frameworks, see OECD (2013), Cavoukian (2011), the ISO/IEC 29100, and EU (2016).
Implementing a privacy-and-security-by-design approach requires complementary controls throughout the ID system lifecycle. This includes:
Legal controls for privacy and data protection, as well as information and cyber security;
Management controls for monitoring, oversight, and risk management;
Operational controls that promote security awareness, training, and detection; and
Technology controls that limit and protect the processing of personal data and ensure the physical and virtual security of systems that process this data (adapted from ISO/IEC 29100).
Each of these controls is complementary; on its own, each will be insufficient to maximize the privacy and protection of personal information.
This section focuses on privacy- and security-enhancing technologies, design strategies, and operational controls—legal and management controls are discussed more thoroughly in Section III. Legal Frameworks. Privacy-enhancing technologies (sometimes called PETs) are a category of ICT measures, products, or services that protect privacy by eliminating or reducing PII or by preventing unnecessary or unauthorized processing of PII without losing the functionality of the system (ISO/IEC 29100).
As articulated in a recent report from the European Union Agency for Network and Information Security (ENISA) and summarized in Table 21, technology and operational controls can help protect personal data in multiple ways, including by minimizing data collection and processing, hiding personal data and their interrelationships, separating or distributing data processing, aggregating data to a level where it is not identifiable, informing people regarding data processing, giving control over data processing, enforcing privacy policies, and demonstrating compliance with privacy legislation (Danezis et al. 2015).
Table 21. Examples of privacy and data protection enhancing technologies and operational controls
| Category | Strategy | Example solutions (not exhaustive) |
|---|---|---|
| Data-oriented | Minimize the collection and processing of personal data to limit the system's impact on privacy | |
| Data-oriented | Hide personal data and their interrelationships from plain view to achieve unlinkability and unobservability, minimizing potential abuse | |
| Data-oriented | Separate, compartmentalize, or distribute the processing of personal data whenever possible to achieve purpose limitation and avoid the ability to build complete profiles of individuals | |
| Data-oriented | Aggregate personal data to the highest level possible when processing to restrict the amount of personal data that remains | |
| Process-oriented | Inform individuals whenever their data is processed, for what purpose, and by which means | |
| Process-oriented | Give individuals tools to control the processing of their data, to exercise data protection rights, and to improve the quality and accuracy of data | |

Source: Framework adapted from Danezis et al. (2015) available at to fit the ID system context. This table is meant to be illustrative of common privacy-enhancing technologies and operational controls, but it is not exhaustive. For emerging solutions, users are also encouraged to consult the online, crowd-sourced catalog of privacy patterns currently being developed by UC Berkeley's School of Information.
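The following is an added illustration, not code from the guide or from Danezis et al., of how four of the strategies in Table 21 can be expressed as concrete technical controls in an ID system's data-release layer: minimizing (a per-purpose attribute allowlist), hiding (sector-specific pseudonyms derived with HMAC so that records released to different sectors cannot be linked by identifier), aggregating (regional counts with small-cell suppression), and informing (a processing log that records what was released, for which purpose). The records, purposes, sector keys, and function names are all constructed for the example.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample records; the people, identifiers and regions are invented.
RECORDS = [
    {"uid": "1001", "name": "Ama",   "dob": "1990-04-02", "region": "North", "phone": "+000111"},
    {"uid": "1002", "name": "Kofi",  "dob": "1985-11-20", "region": "North", "phone": "+000222"},
    {"uid": "1003", "name": "Esi",   "dob": "1978-01-09", "region": "North", "phone": "+000333"},
    {"uid": "1004", "name": "Yaw",   "dob": "1995-07-30", "region": "South", "phone": "+000444"},
    {"uid": "1005", "name": "Adwoa", "dob": "2001-03-15", "region": "South", "phone": "+000555"},
]

# MINIMIZE: each purpose gets an explicit allowlist of attributes. Anything not
# listed is never released for that purpose (purpose limitation at the data layer).
PURPOSE_FIELDS = {
    "health_enrolment": {"uid", "dob", "region"},
    "statistics": {"region"},
}

# INFORM: an append-only processing log that can later be shown to the data subject
# (or an auditor). Only the pseudonym and purpose are logged, never the raw identifier.
PROCESSING_LOG = []


def minimize(record, purpose):
    """Return only the attributes the named purpose is allowed to receive."""
    allowed = PURPOSE_FIELDS[purpose]
    return {k: v for k, v in record.items() if k in allowed}


def sector_pseudonym(uid, sector_key):
    """HIDE: derive a sector-specific pseudonym from the ID number.

    Each relying sector (health, tax, ...) holds a different secret key, so the same
    uid maps to unrelated tokens in each sector and their databases cannot be joined
    on the identifier. HMAC-SHA256 is keyed, so a plain hash of the uid cannot be
    precomputed by a party without the key.
    """
    return hmac.new(sector_key, uid.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def release_for(record, purpose, sector_key):
    """Produce the record a given sector receives for a given purpose, and log it."""
    out = minimize(record, purpose)
    if "uid" in out:
        out["uid"] = sector_pseudonym(out.pop("uid"), sector_key)
    PROCESSING_LOG.append({"pseudonym": out.get("uid"), "purpose": purpose})
    return out


def aggregate_by_region(records, k=3):
    """AGGREGATE: count records per region and suppress cells smaller than k.

    Small cells are replaced with None rather than reported, so that a published
    statistic cannot single out a handful of individuals.
    """
    counts = Counter(r["region"] for r in records)
    return {region: (n if n >= k else None) for region, n in counts.items()}


if __name__ == "__main__":
    # Constructed sector keys; in practice these live in a key-management system.
    health_key, tax_key = b"demo-health-sector-key", b"demo-tax-sector-key"
    for rec in RECORDS:
        print("health:", release_for(rec, "health_enrolment", health_key))
        print("tax:   ", release_for(rec, "health_enrolment", tax_key))
    print("stats: ", aggregate_by_region(RECORDS))
    print("log:   ", PROCESSING_LOG[:2])
```

Running it shows that the health and tax releases of the same person carry different pseudonyms, that `name` and `phone` never leave the system for either purpose, and that the `South` region (only two records) is suppressed in the aggregate while `North` is reported.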
The specific privacy- and security-enhancing operational and technical controls adopted by an ID system will depend on context and other design choices. Some important categories of these technologies and strategies are discussed in more detail below, including: