Data PrivacyA Detailed View On Data Warehousing

INTRODUCTION

Data Warehousing is a key data management technology for integrating the various data sources and organising them so that it can be effectively mined. Thus, it is essentially a process of collecting and managing data from varied sources to provide meaningful business insights. Data Warehousing consists of multiple stages.  Previously, the organizations use to engage in the data warehousing in a relatively simple manner, however, over the time, these organizations started engaging in Data Warehousing in a sophisticated manner.

 In spite of complexity with time, Data Warehouse has been a trusted mechanism for Data Mining. Yet, it brings with itself various complexities, including but not limited to  data security and privacy concerns. Data Warehousing quintessentially deals with Sensitive Personal Information which may lead to breach of privacy. Further, , mere data will not lead to any privacy concerns  however, if the said data is collated, the threat of identity theft rises, leading to grave outcomes in the future.

There are numerous industries where there is prevalent usage of data warehousing, namely, civil aviation, banking, healthcare, etc. Hence, it has become imminent to have a legislation which  ensures data security, data protection and privacy preservation.

GENERAL STAGES OF DATA WAREHOUSING

The following are general stages of use of the data warehouse

• Offline Operational Database:

In this stage, data is just copied from an operational system to another server. In this way, loading, processing, and reporting of the copied data do not impact the operational system’s performance.

• Offline Data Warehouse:

Data which is stored in the Data Warehouse is regularly updated from the operational database. At this stage, the data in Data Warehouse is mapped and transformed so to carry out  its Data Warehouse objectives.

• Real time Data Warehouse:

In this stage, Data Warehouses are updated whenever any transaction takes place in operational database. For example, Airline or railway booking system.

• Integrated Data Warehouse:

 In this stage, the Data Warehouses the operational system  work parallely when any transaction is being performed . Herein, the Data Warehouse generates transactions which are passed back to the operational system.

COMPONENTS OF DATA WAREHOUSE

The major components of Data Warehouses are as follows:

• Load manager: Load manager is also called the front component. It performs all the operations associated with extracting and loading of data into the warehouse. These operations include transformations to prepare the data for entering into the Data warehouse.
• Warehouse Manager: Warehouse manager performs operations associated with the management of the data in the warehouse. It performs operations like analysis of data to ensure consistency, creation of indexes and views, generation of de-normalization and aggregations, transformation and merging the sources of data and archiving and backing-up data.
• Query Manager: Query manager is also known as backend component. It manages, schedules and executes the process related to user queries. The manager is responsible for directing the user queries to the appropriate tables in the Data Warehouse and further delivers data to the users in a format that is understandable by the user. related to the management of user queries. The operations of this Data Warehouse component are usually direct queries to the appropriate tables for scheduling the execution of queries.
• End-user access tools: This is categorized into five different groups like Data Reporting, Query Tools, Application development tools, Executive Information System tools, Online analytical processing tools and data mining tools.

IMPLEMENTATION OF THE DATA WAREHOUSING PROCESS:

The best way to address the business risk associated with a Data Warehouse implementation is to employ a three-prong strategy, which is as follow:

1. Enterprise strategy: The technical aspects, including current architecture and tools, are identified here. In addition, facts, dimensions, and qualities are identified as well. Data transformation and mapping are also supported.
2. Phased delivery: Data Warehouse implementation should be phased, based on subject areas. Related business entities like booking and billing should be first implemented and then integrated with each other
3. Iterative Prototyping: Rather than a big bang approach to implementation, the Data Warehouse should be developed and tested iteratively.

SECTORS WITH PREVALENT USAGE OF DATA WAREHOUSING

 Here, are the prevalent sectors where Data warehouse is used:

• Civil Aviation

In the Aviation industry,  the Data Warehouse is used for operation purposes like crew assignment, analyses of route profitability, frequent flyer program promotions, etc.

• Banking

It is widely used in the banking sector to manage the resources available on desk, effectively.  It can  also be used for the purpose of  market research, performance analysis of the product and operations.

• Healthcare

Healthcare sector also uses  Data warehouse to strategize and predict outcomes, generate patient’s treatment reports, share data with tie-in insurance companies, medical aid services, etc.

• Public sector

In the Public Sector, Data Warehouse is used for intelligence gathering. It helps government agencies to maintain and analyze tax records and health policy records for every individual.

• Investment and Insurance sector

In this sector, the  Data Warehouses are primarily used to analyse data patterns, customer trends, and to track market movements.

• Retail chain

In retail chains, Data Warehouse is widely used for distribution and marketing. It also helps to track items, customer buying pattern, promotions and also used for determining pricing policy.

• Telecommunication

In Telecommunication sector, the  Data Warehouse is used in this sector for product promotions,  to make sales and distribution decisions.

• Hospitality Industry

This Industry utilizes Data Warehouse services to design as well as estimate their advertising and promotion campaigns where they want to target clients based on their feedback and travel patterns.

DATA SECURITY AND PRIVACY OF INDIVIDUALS IN DATA MINING & DATA WAREHOUSING

Since Data Warehousing and Mining deals with processing of “Sensitive Personal Information”, data privacy and data security are a matter of concern. In this digital era, owing to the technological advancement, concerns  and issues pertaining to  have increased exponentially.

It is not possible to structure rules to fit Data Mining into a box  so  to ensure that there is no threat to privacy.    As it goes with every technological medium, there is an ethical use and there is unethical use.  Ethical use is one  where the database is handled by an authorized miner for to achieve a purpose which is both beneficial and legal.. However, when the Data Mining technology is used by an unauthorised person in an unethical manner,  there is a probability of personal data getting breached. .  If there is a structure in place,  that differentiates and enunciates rules with regard to the usage of the Data Mining i.e., as to who is authorized to access Data Mining, purposes of Data Mining, manner of Data Mining, restrictive use of Data Mining, than there can sense of data security, data privacy and an overall privacy of sensitive information. .

The same concern  issue persists in  collecting data. While collecting data we might come across and learn about individual’s data items. An individual might not care about someone knowing some common information about them like- name, date of birth, gender etc.,However, it is this data, which is freely accessible over the internet domain, that is eventually used in identity theft.  Important Legal Provisions affecting Data Warehousing & Mining

Each Individual  has right to choose as to what data they wish to share over the internet domain and as to how much access is to be given to the service providers. An individual needs to be aware of those rights to protect their Sensitive Personal Information from getting misused. Some of such rights to be kept in mind are:

• Access to data:

According to subsection 6 of rule 5, of the Information Technology (Reasonable security practice and procedure and sensitive personal data or information) Rule, 2011 (hereinafter referred to as the “IT Rules”) directs that any person or body corporate on its behalf must allow providers of information or data subjects to examine the information they may have given.

• Right to Erasure of Data:

To strengthen data protection mechanisms, the data protection laws in India also provides for the right to erasure or “to be forgotten” wherein the data principal shall have the right to have their personal data corrected or even deleted.

• Objection to processing:

Rule 5 of the IT Rules stipulates that the data subject or provider of information shall have the option to later withdraw consent which may have the choice to later withdraw the consent which may have been issued to the corporate institution previously; such withdrawal of consent should be stated in writing to the corporate body. On withdrawal of consent, the corporate body is forbidden from processing the personal information or data in question.

• Disclosure of data:

Data subjects have rights with respect to disclosure of the information they provide. The disclosure of Sensitive Personal Information needs the provider’s prior permission unless either:

1. Disclosure has already been agreed to be in the contract between the data subject and the data controller or
2. Disclosure is required for compliance with a legal obligation. There are exceptions to this rule, if an order under law has been made, or if a disclosure must be made to Government agencies mandated under the law

• Sharing of data with Third Parties by Government.

The Kerala High Court in the case of Balu Gopalakrishnan v. State of Kerala [WP(C) 9498/2020], passed an interim order on the export of COVID-19 related data by the State Government of Kerala to a US-based entity, Sprinklr, for data analytics. The High Court held that certain measures were to be implemented by the State Government before granting Sprinklr access to the data.

The division bench communicated its apprehensions regarding the proper protection of data and observed that the COVID-19 pandemic should not turn into a “data epidemic” at a later stage.

The Kerala High Court further observed that data confidentiality is about protecting data from unlawful, unauthorized and unintentional access and disclosure. Therefore, the authorizations to view, share and use data forms the hypostasis of all confidentiality requirements. The Hon’ble High Court also observed that the corner stone of managing data confidentiality is, to a large extent, determined by the control over access to it and the modus and manner in which it has been dealt with.

• Bureau of Indian Standards publishes Data Privacy standards

The Bureau of Indian Standards (hereafter referred to as “BIS”) officially announced its new standards for data privacy assurance, namely IS 17428, which was published in the official Gazette on December 21, 2020. The standard seeks to provide a privacy assurance framework for organizations to establish, implement, maintain and continually improve their data privacy management system. It comprises two parts – one being the prescriptive part where the requirements are to be mandatorily implemented by anyone applying the standard and the other part being the suggestive part with detailed best practices to aid in implementing the requirements of the prescriptive part.

AMLEGALS REMARK

The Digital Personal Data Protection Bill, 2022 is an essential step towards ensuring data security, data protection and privacy preservation. Taking into consideration the advancement of technology in the Data Mining Sector, the law also has to examine the increase in nefarious elements who steal data and sell them in dark web forums.

Trying to increase the awareness amongst individual through programmes like United States House of Representatives Data Breach and Cleartrip Data Breach of Indian Customers, all across the world has made the need for the law on Data Protection to be stronger than ever before. Thus, our law needs to keep pace with the advent of technological changes so that the parties involved as well as the person whose data is being analyzed are safeguarded from any malicious or inadvertent violation of their privacy or their fundamental rights.

– Team AMLEGALS assisted by Ms. Maneesha. S (Intern)

For any query or feedback, please feel free to get in touch with falak.sawlani@amlegals.com or mridusha.guha@amlegals.com.