Regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) provide a sound legal framework to handle personal data. What constitutes personal data, however, becomes ambiguous in the context of technical implementation and the level of cryptographic assurance required for protecting the identity of a governing entity.
Moreover, the definition of personal data in the GDPR is not granular enough to enforce the flagging of a transaction date or an unstructured data input which could subsequently be misused to extract Personally Identifiable Information (PII). Furthermore, cryptographic assurance can only be established if attributes, which require cryptographic encoding are marked at the time of schema creation. However, for that, software developers require a community-defined list of elements or a common standard for determining which attributes to flag.
The Blinding Identity Taxonomy (BIT) is a defensive tool developed for reducing the risk of identifying data subjects within blinded datasets. BIT comprises a list of elements that can be referenced by the schema publishers and data controllers to mark attributes, which may contain identifying information about governing entities. Once attributes have been flagged, any marked data can be removed or encrypted during the data lifecycle and the data is blinded. A dataset may be said to be successfully blinded when a potential adversary with access to the dataset cannot identify a significant number of data principals contained in it.
The BIT is one of the under-the-hood critical pieces that are expected to fundamentally improve the online protection of personal data. The list of BIT elements is expected to continually mature alongside the exponential rise of captured data points across digital systems and technological advances such as artificial intelligence and the internet of things. Furthermore, BIT is expected to be a useful and practical guide for implementers as a de-identification technique and a resource to provide assurances to stakeholders about their datasets.
Click here to read the original article published by the Human Colossus Foundation.
Please give your feedback on this article or share a similar story for publishing by clicking here.
