Mar 302018
 

I have created so many mindmaps using Freemind – my favorite tool for capturing & logging stuff.
Now I just need to revisit most of them and start writing up my Thesis.
In going through my many maps I came across the 1st map I did on ‘data’. Posting the
data map here.

Yesterday evening, 29th March 2018 I attended a BCS Law Specialist Group event – GDPR: Anonymisation,re-identification risk and GDPR profiling. The talk was presented by Dr. Amandine Jambert from the French Data Authority CNIL. The anonymisation slide is interesting. I asked whether the WP29 thinking (& their opinions) about the 3 properties are for the ‘direct and indirect’ way of identification of the personal data. The answer was not in the method itself but that the properties are for ‘all data types’ i.e. any dataset. Her exact wordings ‘ use by anyone on any dataset’. Also, the DPA (DPO/Organisation?) needs to prove (or justify or show) that the dataset has indeed been anonymised (using any of the 2 options). My understanding is that the anonymisation if done (risk-based, database and/or algorithmic-driven) should not enable the direct and indirect re-identification of the individual(s).

As noted on this slide: ‘No single technique eliminates all risks’.

It’s near impossible to identify/isolate ‘all the direct/indirect re-identification risks’ associated with any dataset, assuming the dataset is available and not hidden in some Cloud and/or in a chain of hidden registers.

We really need to re-think personal data in terms of ‘the harm to individuals’ as there’s no absolutely sure way of preventing re-identification risks (i.e. singling out, linkability or inference/deduction etc.)

Overall a great talk.

I just noticed the slides and talk are available online: BCS Law talk 29th March 2018

 Posted by on March 30, 2018 at 1:54 pm
Feb 252018
 

I am now extending my user evaluation (January-February schedule) to March as January was a quiet month. It has been difficult to get practitioners in industry to commit their time to participate in my user evaluations study. Personal data incidents are still regarded ‘scary’ stuff to disclose or to talk about openly or even privately with a researcher.

Even after I reassure folks that my research does not require disclosing any personal or commercially sensitive information, folks (esp. senior managers) still won’t allow their employees (those that have the relevant knowledge/experience) to share and participate in my research.This is a pity as they will certainly learn something in sharing and participating in my user evaluation. According to this news, the #FCA is to require UK banks to make details of cyber security #incidents public from August 2018. Under the GDPR, organisations processing personal data of EU residents/citizens will need to report certain breaches to the ICO and also to affected individuals. My prototype dashboard will help organisations to conduct an initial personal data harm assessment.

So far, practitioners who took my user evaluation study involving a questionnaire and the prototype dashboard have expressed positive remarks and provided suggestions for further improvement or commercialisation of the prototype concepts.

 Posted by on February 25, 2018 at 3:29 pm
Jan 052018
 

I’m hopeless at making New Year Resolutions (& don’t believe in making them), so will just remind myself by posting this blog with this message:

I will finish my PhD by the end of October 2018

 Posted by on January 5, 2018 at 12:42 am