Towards Designing a Privacy-Oriented Architecture for Managing Personal Identifiable Information

Abstract

Recent threat reports have warned researchers and security professionals about a shortage of cybersecurity skills to face devastating personal data breaches. As a response, governments have taken on the challenge of proposing specific legislation to protect citizens' privacy while holding information-processing companies accountable for any misuse. However, unauthorized access to such information, or possible negligent destruction of personal records are some issues that cannot be dealt with privacy laws alone. In this research, we introduce the functional requirements to deploy PriVARq, a novel privacy-oriented architecture to proactively manage any consensual submission of personal identifiable information (PII); i.e. during its collection, processing, verification and transference. PriVARq’s main contribution is the balance between legal frameworks and industry-leading security standards to mitigate the former’s shortage of practical solutions to tackle some privacy and security issues when dealing with PII. Consequently, for defining PriVARq’s functional requirements, a privacy-by-design approach is employed which not only considers legislation proposed in Europe and Latin America but also analyzes technical aspects outlined in international security standards. We aim to provide a proactive approach to reduce the shortage of skills and solutions to tackle privacy leakages in public repositories and devise future research venues to implement PriVARq in public and private organizations.