The Situation

The CISO was asked to provide the DPO with evidence that a new business intelligence dataset had been designed in line with GDPR best practice.

The Task

The company was delivering a new product that provided statistical health analytics of populations, built on a large datastore of personal data. The data model had been designed to minimise GDPR compliance obligations through anonymisation. Given the sensitivity and volume of the data involved, the DPO required evidence from the CISO that the design was effective in preserving individual privacy in line with ICO best practice.

The Action / Approach

The ICO recommends motivated intruder testing to establish the risk of a reidentification attack from any anonymised or pseudonymised dataset.

  • A privacy threat modelling exercise on the data model design defined the re-identification risk attached to each attribute that was planned to be stored.
  • To minimise the GDPR compliance burden, a sample dataset was created following the data model, using personal data purchased, with consent, from individuals fully informed of how it would be used.
  • Practical testing correlated the data held in the sample dataset against public sources, to objectively establish the effort required for a re-identification attack against the sample individuals.
  • The highest-risk, lowest-value attributes were identified so they could be removed from the data model during the design and planning phase.
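The correlation test in the steps above can be expressed as a small privacy-risk assessment: for each attribute in the data model, measure how many rows of the anonymised table can be tied to exactly one record in a public-style reference list, and then see how much that rate falls when the attribute is dropped. The following is an added example, not code from the case study; the records in both tables are constructed, and the attribute names (district, birth_year, sex, condition) are assumed for illustration.

```python
from collections import Counter

# Constructed sample data (not from the case study): an "anonymised" analytics table
# with direct identifiers removed, and a public-style reference list of the kind a
# motivated intruder could obtain. Every person in ANON also appears in PUBLIC.
ANON = [
    {"district": "SW1A", "birth_year": 1984, "sex": "F", "condition": "asthma"},
    {"district": "SW1A", "birth_year": 1991, "sex": "F", "condition": "diabetes"},
    {"district": "M1",   "birth_year": 1990, "sex": "M", "condition": "none"},
    {"district": "M1",   "birth_year": 1990, "sex": "M", "condition": "hypertension"},
    {"district": "EH8",  "birth_year": 1975, "sex": "F", "condition": "asthma"},
    {"district": "BS1",  "birth_year": 2001, "sex": "M", "condition": "none"},
]
PUBLIC = [
    {"name": "A", "district": "SW1A", "birth_year": 1984, "sex": "F"},
    {"name": "B", "district": "SW1A", "birth_year": 1991, "sex": "F"},
    {"name": "C", "district": "M1",   "birth_year": 1990, "sex": "M"},
    {"name": "D", "district": "EH8",  "birth_year": 1975, "sex": "F"},
    {"name": "E", "district": "BS1",  "birth_year": 2001, "sex": "M"},
    {"name": "F", "district": "BS1",  "birth_year": 1999, "sex": "M"},
    {"name": "G", "district": "EH8",  "birth_year": 1975, "sex": "M"},
]
QUASI = ("district", "birth_year", "sex")  # quasi-identifiers from the threat model

def key(record, attrs):
    return tuple(record[a] for a in attrs)

def k_anonymity(records, attrs):
    """Size of the smallest equivalence class over attrs (k == 1 means someone is unique)."""
    return min(Counter(key(r, attrs) for r in records).values())

def linkage_rate(anon, public, attrs):
    """Share of anonymised rows an intruder can tie to exactly one public record.
    The quasi-identifier tuple must be unique in BOTH tables; otherwise the link is ambiguous."""
    in_anon = Counter(key(r, attrs) for r in anon)
    in_public = Counter(key(p, attrs) for p in public)
    linked = sum(1 for r in anon
                 if in_anon[key(r, attrs)] == 1 and in_public[key(r, attrs)] == 1)
    return linked / len(anon)

def removal_impact(anon, public, attrs):
    """Linkage rate with each attribute removed in turn. The attribute whose removal lowers
    the rate most is the prime candidate to drop or generalise, weighed against its business value."""
    return {a: linkage_rate(anon, public, tuple(x for x in attrs if x != a)) for a in attrs}

if __name__ == "__main__":
    print("k-anonymity:", k_anonymity(ANON, QUASI))
    print("baseline linkage rate: %.2f" % linkage_rate(ANON, PUBLIC, QUASI))
    for attr, rate in sorted(removal_impact(ANON, PUBLIC, QUASI).items(), key=lambda kv: kv[1]):
        print("without %-10s linkage rate %.2f" % (attr, rate))
```

On the constructed data, dropping birth_year cuts the linkage rate from 4/6 to 1/6, while dropping district changes nothing, which is the kind of evidence the report used to argue for removing a low-value, high-risk attribute before development started.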

The Result

The report highlighted several low-value, high-risk attributes designed into the planned service. Removing them substantially reduced the risk of a re-identification attack before development began, avoiding the need either to accept the risk or to carry out costly remediation after development.

A practical demonstration of the effort required for reidentification given the data model provided credibility when raising privacy considerations during project design sessions. Illustrating the consequences with real data highlighted which attributes were truly essential to the intended product, and which were unnecessarily included without sufficient justification for the risk.

Motivated intruder testing aligns with ICO recommendations, and a practical assessment goes beyond the normal requirements, giving a strong defence of better-than-reasonable efforts in the event of a notifiable incident.
