Privacy & IT Architecture

Terms of use

Terms of Use

The use of this site and the content contained therein is governed by the Terms of Use. When you use this site you acknowledge that you have read the Terms of Use and that you accept and will be bound by the terms hereof and such terms as may be modified from time to time.

All text, graphics, audio, design and other works on the site are the copyrighted works of nasscom unless otherwise indicated. All rights reserved.
Content on the site is for personal use only and may be downloaded provided the material is kept intact and there is no violation of the copyrights, trademarks, and other proprietary rights. Any alteration of the material or use of the material contained in the site for any other purpose is a violation of the copyright of nasscom and / or its affiliates or associates or of its third-party information providers. This material cannot be copied, reproduced, republished, uploaded, posted, transmitted or distributed in any way for non-personal use without obtaining the prior permission from nasscom.
The nasscom Members login is for the reference of only registered nasscom Member Companies.
nasscom reserves the right to modify the terms of use of any service without any liability. nasscom reserves the right to take all measures necessary to prevent access to any service or termination of service if the terms of use are not complied with or are contravened or there is any violation of copyright, trademark or other proprietary right.
From time to time nasscom may supplement these terms of use with additional terms pertaining to specific content (additional terms). Such additional terms are hereby incorporated by reference into these Terms of Use.

Disclaimer

The Company information provided on the nasscom web site is as per data collected by companies. nasscom is not liable on the authenticity of such data.
nasscom has exercised due diligence in checking the correctness and authenticity of the information contained in the site, but nasscom or any of its affiliates or associates or employees shall not be in any way responsible for any loss or damage that may arise to any person from any inadvertent error in the information contained in this site. The information from or through this site is provided "as is" and all warranties express or implied of any kind, regarding any matter pertaining to any service or channel, including without limitation the implied warranties of merchantability, fitness for a particular purpose, and non-infringement are disclaimed. nasscom and its affiliates and associates shall not be liable, at any time, for any failure of performance, error, omission, interruption, deletion, defect, delay in operation or transmission, computer virus, communications line failure, theft or destruction or unauthorised access to, alteration of, or use of information contained on the site. No representations, warranties or guarantees whatsoever are made as to the accuracy, adequacy, reliability, completeness, suitability or applicability of the information to a particular situation.
nasscom or its affiliates or associates or its employees do not provide any judgments or warranty in respect of the authenticity or correctness of the content of other services or sites to which links are provided. A link to another service or site is not an endorsement of any products or services on such site or the site.
The content provided is for information purposes alone and does not substitute for specific advice whether investment, legal, taxation or otherwise. nasscom disclaims all liability for damages caused by use of content on the site.
All responsibility and liability for any damages caused by downloading of any data is disclaimed.
nasscom reserves the right to modify, suspend / cancel, or discontinue any or all sections, or service at any time without notice.

For any grievances under the Information Technology Act 2000, please get in touch with Grievance Officer, Mr. Anirban Mandal at data-query@nasscom.in.

New

See all

No notification found.

Privacy & IT Architecture

Rakesh Jha FIP CIPP/E CIPM PMP CSM

@pviv

April 4, 2018

GDPR

424

Building or designing Privacy in IT systems is no different than building Privacy in traditional building & utilities designs. Privacy architecture is the embodiment of the Privacy by Design (PbD) principle, which has been adopted as a privacy standard by privacy regulators worldwide. Which involves the incorporation of privacy principles and features into the basic design of information management processes and system(s).

Privacy architecture is often confused with security architecture, which is quite different. Privacy and security architectures must be coordinated and can be combined, but privacy architecture features are distinct from security architecture features.While a lot is happening in IT world , one thing is common across both sides of equator – ambiguity on role of Solution and Enterprise Architects in privacy related projects (GDPR is just a hot topic, I am saying privacy risk in any compliance or ethics format). Traditional IT architects were bred on security and ease of doing business (service integrity). Privacy emerging as a critical (N/FR – Non/Functional requirements) within IT ecosystem has resulted on questions on what and how architects will approach this situation.

For instance, Enterprise Data Privacy Architecture (EDPA) provides you with the ability to protect in isolation sensitive data fields residing in IT systems such as Web, Application and Database Servers. This architecture ensures all sensitive data in storage is encrypted, and only decrypted when required. The architecture encrypts data as early as possible – for example at Web servers, and provides many benefits including however not limited to:

Centralization of encryption keys
Separation of duties
Granular protection of sensitive data from such users as DBA’s and Root Users
Auditing and logging and consistent cryptographic interface to any type of application such as those commonly used in Web, Application and Database servers
The protection of any identified sensitive data from internal rogue employees as well as external hackers

One of the finest pair of articles on this, laying out the subtle intricacies on this matter was published by Marc Lankhorst , few months ago, in bizz design forum, without going in details , I would say that its a must read for all you fellow privacy professionals & architects – who either have similar or vested interests on this matter . The topic was – 7 Things Every Enterprise Architect Needs to Know About the GDPR

8 Steps Enterprise Architects Can Take to Deal with GDPR

Some other honorable mentions : (Read the following articles)

Deperimeterisation- nine years on– SC Magazine- January 2013
Security Think Tank: Do not trust the network to ensure secure collaboration– ComputerWeekly.com- May 2014
It’s All About the Data, Dummy– Raconteur.net- March 2014
Jericho Forum

Disclaimer

That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.

Rakesh Jha FIP CIPP/E CIPM PMP CSM