Google to follow PIPEDA

Google announced today that it will follow Canada's privacy law, PIPEDA, for Street View imaging. Canada's Privacy Commissioner is pleased and thinks Google and Calgary-based Immersive Media are heading in the right direction. The commissioner has yet to hear a formal announcement from both companies.

Google plans to blur or lower the resolution of the images of individuals it captures, which will prevent identifying an individual through Google Street View.

I wonder what happens to the images already captured by Immersive Media. Will they be erased or archived? Is there any assurance that those images will not be available to anyone any more?

Google Maps Streetview

Google is again in the news for privacy reasons. The Canadian Privacy Commissioner has raised concerns about the privacy of individuals captured in each and every photograph in Street View. The resolution of the pictures is high enough to identify the individuals in them.

It's a good feature, providing better navigational help for folks who are strangers to a city. However, what about the privacy of the individuals, as well as the physical security of the locations, captured in the photographs?

Whenever Immersive Media is on the road capturing these pictures, I am not aware that I will be included in their captures. I may be coming out of a movie theatre, a pharmacy, or even a location that is deemed confidential to my employer. Such a capture could be used against me in court just because I was included in it.

Consider the photos that are freely available of certain buildings that host critical business systems. Isn't it easy to plan an attack on these buildings with a mere search on Google Maps? Street View is available for well-known cities, and that is where most of the top Fortune companies are located. Some of them host their critical business functions or their data centers in these buildings.

Of course, Google offers the opportunity to have these pictures taken down. However, wouldn't it be too late by then?

Production Data as Test Data

To maintain high code quality, a company needs production-quality source data for development, unit testing and QA functional testing. There are situations in which a company uses unscrambled production data, which potentially exposes sensitive customer data. Sensitive customer data must be protected. Given that there is a correlation between the quality of test data and the quality of the code delivered to production, all efforts should be made to minimize the disruption or distortion of test data while satisfying the privacy concerns.

Desensitize data that is brought down from Production to Development while preserving its quality, such as referential integrity between files, tables and entities. Some projects, such as fraud detection, need to keep meaningful data in fields such as name, address and postal code so that patterns and groupings can still be detected. Every field lies within some field-specific domain; that domain or context cannot be specified ahead of time and may vary between projects. Some projects may also need to preserve certain relationships between fields.

Security Guidelines

  • Data that would have, or is deemed to have, a very serious or significant impact on the confidentiality of a customer or an entity if exposed should be decoupled. The decoupling should be done in such a way that, after treatment, it is not possible to trace the sensitive customer data back to its real owners.
  • Data that would still have, or is deemed to still have, a very serious or significant impact on the confidentiality of a customer or an entity if exposed after the decoupling process should be masked.

Separation of Duties

  • A developer shall determine and request the data that needs to be downloaded to development; however, the request has to be reviewed and approved by a person responsible for the data.
  • The personnel executing the extraction and transformation of the data should not be the requester (or developer) and should have approval for the execution from a person responsible for the data.
  • The above-mentioned approvals are obtained per project, not per request.

Maintaining and Protecting Referential Integrity

  • Referential integrity shall be maintained for the records downloaded to development; however, the key that maintains referential integrity may help identify a customer in production and should be protected. This option is possible only if the source system starts protecting it.
  • Developers who have access to downloaded files should not have access to production, since the key that maintains referential integrity may help identify a customer and associated details in production. In some cases this is not practically possible, since developers may need read access to production for triage purposes.

Audit trail

  • Appropriate mechanisms should be in place to demonstrate the trail of activities (including approvals) that led to the execution of a particular extraction.
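As an added illustration of the Security Guidelines (decouple, then mask), the Referential Integrity section and the audit trail above, the following Python is example code written for this page, not a tool or process the post describes. It assumes two constructed tables (customers and orders) that share a customer_id key, a hypothetical decoupling secret held only by the person responsible for the data, and Canadian-style postal codes. The shared key is replaced with a keyed HMAC token so foreign keys still join in development but cannot be traced back without the secret; names become consistent surrogates so duplicate-identity patterns survive; postal codes keep only their forward sortation area; and the audit record enforces that the requester neither approves nor executes the extraction.

```python
"""Desensitize a production extract for development use (constructed example)."""
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Hypothetical secret held by the person responsible for the data; developers
# never see it, so tokens cannot be traced back to production identifiers.
DECOUPLING_SECRET = b"constructed-owner-held-secret-for-demo-only"

# Constructed sample production records (not real customer data).
CUSTOMERS = [
    {"customer_id": "10042", "name": "Alice Example", "postal_code": "T2P 1J9"},
    {"customer_id": "10043", "name": "Bob Sample", "postal_code": "T2P 3H4"},
    {"customer_id": "10044", "name": "Alice Example", "postal_code": "M5V 2T6"},
]
ORDERS = [
    {"order_id": "A1", "customer_id": "10042", "amount": 120.50},
    {"order_id": "A2", "customer_id": "10042", "amount": 12.00},
    {"order_id": "A3", "customer_id": "10044", "amount": 980.00},
]


def keyed_token(value: str, prefix: str, secret: bytes = DECOUPLING_SECRET) -> str:
    """Deterministic keyed token (truncated HMAC-SHA256). The same input yields
    the same token in every table, which is what keeps foreign keys valid. An
    unkeyed hash would not do: a customer-number space is small enough to
    enumerate and reverse, so the key must stay with the data owner."""
    digest = hmac.new(secret, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"{prefix}_{digest[:16]}"


def mask_postal_code(postal_code: str) -> str:
    """Keep the forward sortation area (first three characters) so geographic
    groupings survive for fraud-style analysis; drop the local delivery unit."""
    return postal_code[:3].upper() + " ***"


def desensitize(customers, orders, secret=DECOUPLING_SECRET):
    """Decouple the shared key and mask direct identifiers in both tables."""
    dev_customers = [
        {
            "customer_id": keyed_token(c["customer_id"], "CUST", secret),
            # Same real name -> same surrogate, so duplicate-identity patterns
            # remain visible without exposing the name itself.
            "name": keyed_token(c["name"].strip().lower(), "NAME", secret),
            "postal_code": mask_postal_code(c["postal_code"]),
        }
        for c in customers
    ]
    dev_orders = [
        {**o, "customer_id": keyed_token(o["customer_id"], "CUST", secret)}
        for o in orders
    ]
    return dev_customers, dev_orders


def referential_integrity_holds(customers, orders) -> bool:
    """Every order must still point at a customer row after treatment."""
    known = {c["customer_id"] for c in customers}
    return all(o["customer_id"] in known for o in orders)


def leaks_identifier(treated_rows, production_rows, fields=("name", "postal_code")) -> bool:
    """True if any original value of the listed fields survives verbatim."""
    blob = json.dumps(treated_rows)
    return any(r[f] in blob for r in production_rows for f in fields if f in r)


def audit_record(project, requester, approver, executor, treated_tables) -> dict:
    """Separation of duties: the requester may neither approve nor execute the
    extraction, approval is recorded per project, and a digest of the output
    makes the record tamper-evident."""
    if requester in (approver, executor):
        raise ValueError("requester must not approve or execute the extraction")
    payload = json.dumps(treated_tables, sort_keys=True).encode("utf-8")
    return {
        "project": project,
        "requested_by": requester,
        "approved_by": approver,
        "executed_by": executor,
        "executed_at": datetime.now(timezone.utc).isoformat(),
        "output_sha256": hashlib.sha256(payload).hexdigest(),
    }


if __name__ == "__main__":
    dev_c, dev_o = desensitize(CUSTOMERS, ORDERS)
    assert referential_integrity_holds(dev_c, dev_o)
    assert not leaks_identifier(dev_c, CUSTOMERS)
    print(json.dumps(dev_c, indent=2))
    # Hypothetical role names for the requester, approver and executor.
    print(audit_record("fraud-model", "dev.alice", "owner.dana", "dba.eve", [dev_c, dev_o]))
```

Two points worth noting. The treated orders no longer join to the untreated customer table, which is the intended effect of decoupling: a developer holding only the development extract cannot look the tokens up in production. And the audit record carries a digest of exactly what was delivered, so a later review can show which approval produced which extract.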