Data Warehousing is a key data management technology for integrating the various data sources and organising them so that it can be effectively mined. Thus, it is essentially a process of collecting and managing data from varied sources to provide meaningful business insights. Data Warehousing consists of multiple stages. Previously, the organizations use to engage in the data warehousing in a relatively simple manner, however, over the time, these organizations started engaging in Data Warehousing in a sophisticated manner.
In spite of complexity with time, Data Warehouse has been a trusted mechanism for Data Mining. Yet, it brings with itself various complexities, including but not limited to data security and privacy concerns. Data Warehousing quintessentially deals with Sensitive Personal Information which may lead to breach of privacy. Further, , mere data will not lead to any privacy concerns however, if the said data is collated, the threat of identity theft rises, leading to grave outcomes in the future.
There are numerous industries where there is prevalent usage of data warehousing, namely, civil aviation, banking, healthcare, etc. Hence, it has become imminent to have a legislation which ensures data security, data protection and privacy preservation.
GENERAL STAGES OF DATA WAREHOUSING
The following are general stages of use of the data warehouse
In this stage, data is just copied from an operational system to another server. In this way, loading, processing, and reporting of the copied data do not impact the operational system’s performance.
Data which is stored in the Data Warehouse is regularly updated from the operational database. At this stage, the data in Data Warehouse is mapped and transformed so to carry out its Data Warehouse objectives.
In this stage, Data Warehouses are updated whenever any transaction takes place in operational database. For example, Airline or railway booking system.
In this stage, the Data Warehouses the operational system work parallely when any transaction is being performed . Herein, the Data Warehouse generates transactions which are passed back to the operational system.
COMPONENTS OF DATA WAREHOUSE
The major components of Data Warehouses are as follows:
IMPLEMENTATION OF THE DATA WAREHOUSING PROCESS:
The best way to address the business risk associated with a Data Warehouse implementation is to employ a three-prong strategy, which is as follow:
SECTORS WITH PREVALENT USAGE OF DATA WAREHOUSING
Here, are the prevalent sectors where Data warehouse is used:
In the Aviation industry, the Data Warehouse is used for operation purposes like crew assignment, analyses of route profitability, frequent flyer program promotions, etc.
It is widely used in the banking sector to manage the resources available on desk, effectively. It can also be used for the purpose of market research, performance analysis of the product and operations.
Healthcare sector also uses Data warehouse to strategize and predict outcomes, generate patient’s treatment reports, share data with tie-in insurance companies, medical aid services, etc.
In the Public Sector, Data Warehouse is used for intelligence gathering. It helps government agencies to maintain and analyze tax records and health policy records for every individual.
In this sector, the Data Warehouses are primarily used to analyse data patterns, customer trends, and to track market movements.
In retail chains, Data Warehouse is widely used for distribution and marketing. It also helps to track items, customer buying pattern, promotions and also used for determining pricing policy.
In Telecommunication sector, the Data Warehouse is used in this sector for product promotions, to make sales and distribution decisions.
This Industry utilizes Data Warehouse services to design as well as estimate their advertising and promotion campaigns where they want to target clients based on their feedback and travel patterns.
DATA SECURITY AND PRIVACY OF INDIVIDUALS IN DATA MINING & DATA WAREHOUSING
Since Data Warehousing and Mining deals with processing of “Sensitive Personal Information”, data privacy and data security are a matter of concern. In this digital era, owing to the technological advancement, concerns and issues pertaining to have increased exponentially.
It is not possible to structure rules to fit Data Mining into a box so to ensure that there is no threat to privacy. As it goes with every technological medium, there is an ethical use and there is unethical use. Ethical use is one where the database is handled by an authorized miner for to achieve a purpose which is both beneficial and legal.. However, when the Data Mining technology is used by an unauthorised person in an unethical manner, there is a probability of personal data getting breached. . If there is a structure in place, that differentiates and enunciates rules with regard to the usage of the Data Mining i.e., as to who is authorized to access Data Mining, purposes of Data Mining, manner of Data Mining, restrictive use of Data Mining, than there can sense of data security, data privacy and an overall privacy of sensitive information. .
The same concern issue persists in collecting data. While collecting data we might come across and learn about individual’s data items. An individual might not care about someone knowing some common information about them like- name, date of birth, gender etc.,However, it is this data, which is freely accessible over the internet domain, that is eventually used in identity theft. Important Legal Provisions affecting Data Warehousing & Mining
Each Individual has right to choose as to what data they wish to share over the internet domain and as to how much access is to be given to the service providers. An individual needs to be aware of those rights to protect their Sensitive Personal Information from getting misused. Some of such rights to be kept in mind are:
According to subsection 6 of rule 5, of the Information Technology (Reasonable security practice and procedure and sensitive personal data or information) Rule, 2011 (hereinafter referred to as the “IT Rules”) directs that any person or body corporate on its behalf must allow providers of information or data subjects to examine the information they may have given.
To strengthen data protection mechanisms, the data protection laws in India also provides for the right to erasure or “to be forgotten” wherein the data principal shall have the right to have their personal data corrected or even deleted.
Rule 5 of the IT Rules stipulates that the data subject or provider of information shall have the option to later withdraw consent which may have the choice to later withdraw the consent which may have been issued to the corporate institution previously; such withdrawal of consent should be stated in writing to the corporate body. On withdrawal of consent, the corporate body is forbidden from processing the personal information or data in question.
Data subjects have rights with respect to disclosure of the information they provide. The disclosure of Sensitive Personal Information needs the provider’s prior permission unless either:
The Kerala High Court in the case of Balu Gopalakrishnan v. State of Kerala [WP(C) 9498/2020], passed an interim order on the export of COVID-19 related data by the State Government of Kerala to a US-based entity, Sprinklr, for data analytics. The High Court held that certain measures were to be implemented by the State Government before granting Sprinklr access to the data.
The division bench communicated its apprehensions regarding the proper protection of data and observed that the COVID-19 pandemic should not turn into a “data epidemic” at a later stage.
The Kerala High Court further observed that data confidentiality is about protecting data from unlawful, unauthorized and unintentional access and disclosure. Therefore, the authorizations to view, share and use data forms the hypostasis of all confidentiality requirements. The Hon’ble High Court also observed that the corner stone of managing data confidentiality is, to a large extent, determined by the control over access to it and the modus and manner in which it has been dealt with.
The Bureau of Indian Standards (hereafter referred to as “BIS”) officially announced its new standards for data privacy assurance, namely IS 17428, which was published in the official Gazette on December 21, 2020. The standard seeks to provide a privacy assurance framework for organizations to establish, implement, maintain and continually improve their data privacy management system. It comprises two parts – one being the prescriptive part where the requirements are to be mandatorily implemented by anyone applying the standard and the other part being the suggestive part with detailed best practices to aid in implementing the requirements of the prescriptive part.
The Digital Personal Data Protection Bill, 2022 is an essential step towards ensuring data security, data protection and privacy preservation. Taking into consideration the advancement of technology in the Data Mining Sector, the law also has to examine the increase in nefarious elements who steal data and sell them in dark web forums.
Trying to increase the awareness amongst individual through programmes like United States House of Representatives Data Breach and Cleartrip Data Breach of Indian Customers, all across the world has made the need for the law on Data Protection to be stronger than ever before. Thus, our law needs to keep pace with the advent of technological changes so that the parties involved as well as the person whose data is being analyzed are safeguarded from any malicious or inadvertent violation of their privacy or their fundamental rights.
– Team AMLEGALS assisted by Ms. Maneesha. S (Intern)
For any query or feedback, please feel free to get in touch with email@example.com or firstname.lastname@example.org.