By Aleksandar Velinov, University Goce Delcev, Štip, Macedonia.
The amount of data transmitted is constantly increasing. Data varies according to its context, purpose and structure. The context can be: personal, human, medical, financial etc. The purpose varies too: reporting, statistics, processing, controlling, monitoring patients’ conditions etc. Data can be unstructured, semi-structured and structured. The last two years have been dominated by the Covid-19 pandemic and as a consequence, the amount of human data used for medical purposes has increased exponentially. With the digitalisation of most processes, intruders have more opportunities for identity thefts. That is why we need to start thinking about appropriate methods to secure data from unauthorised access and protect our digital identity.
The fundamental right to privacy is enshrined in the United Nations Declaration of Human Rights. According to the General Data Protection Regulation (GDPR), adequate protection and privacy of personal data must be ensured. To this effect there is a proposal for digital identity regulation and data protection (https://www.law.kuleuven.be/citip/blog/the-new-digital-identity-regulation-proposal/). Other international and regional regulations take special interest in securing the right to privacy and protecting our digital identity. These regulations are very important, but even more so is their implementation and observance.
With the onset of the Covid-19 pandemic, countries began to introduce appropriate measures to protect against the virus. Regular monitoring to ensure control of the situation requires constant data processing. This concerns mostly medical, health and other personal human data. Organisations share data of employees who are infected in order to protect other employees. Healthcare facilities are introducing platforms where each patient has their own digital identity. This should be done in compliance with the relevant laws for privacy protection, but sometimes it is difficult to strike a balance between the protection measures proposed and the provision of privacy. For example, privacy can be secured by proper data encryption, but encrypted data would have no effect on the protection of other employees. On the other hand, it is good to encrypt the data when transmitting over a network to protect it from unauthorised access. Another circumstance in which privacy can be violated is the action of tracking and monitoring people. Although this is done in order to ensure proper control over the epidemiological situation, special attention must be paid to privacy and protection of digital identity. Some countries have introduced contactless temperature measurement technologies in public transport and applications enable to locate proximity to infected people. People who are in quarantine are monitored in order to prevent possible violations of such measures. In all these cases all the personal data used must be protected.
In this particular period of our history, the digitalisation of processes has seen an incredible acceleration. All the bans on personal contacts and visits to institutions, quarantines, etc. undoubtedly reinforced the need for the digitalisation of certain processes as well as the improvement of previous implementations. But how much attention did organisations pay to the data? How concerned were organisations with people’s privacy and digital identities? Are all mechanisms in place to prevent unauthorised access to data and identity theft?
The need for automated data processing saves time and allows fast data analysis, but for automated personal data processing, privacy should be preserved.
How to protect privacy:
- Encrypt personal data where possible https://www.getapp.com/resources/common-encryption-methods/
- Depersonalise data where possible https://uzjournals.edu.uz/cgi/viewcontent.cgi?article=1252&context=ijctcm
- Harmonisation of digitised processes with legal regulation for privacy protection https://www.digitallawjournal.org/jour/article/view/5
- Consent for processing users’ personal data https://gdpr-info.eu/issues/consent/
- Verification of the privacy preservation and provision of an appropriate level of protection https://cordis.europa.eu/project/id/661362/fr
Some simple steps to protect our digital identity:
- Using a password manager
- Using multiple online identities
- Using passphrases, not passwords
- Two factor authentication
- Avoiding public WiFi
About the Author
Aleksandar Velinov is teaching / research assistant and PhD candidate at the Faculty of Computer Science, University Goce Delcev in Štip, Macedonia where he received his MSc degree in Computer Science in 2016. His fields of interest and research include computer and network security, security of IoT-communication, digital steganography, Internet of Things (IoT), Machine-to-Machine (M2M), big data, big data analysis, learning analytics, cloud computing and mobile technologies.
Also this year GÉANT joins the European Cyber Security Month, with the 'Cyber Hero @ Home' campaign. Read articles from cyber security experts within our community and download resources from our awareness package on https://dev.connect.geant.org/csm2021