DIGIT Core
Master
UrbanSanitationPublic FinanceHealthAcademyFeedback
Search
K
Links

Privacy

User data privacy design and principles
  1. 1.
    Secure by default
    • Data must be stored and transmitted securely.
    • Access to data must be role-based and on a well-defined purpose.
  2. 2.
    Privacy by default
    • Identify PII (Personally Identifiable Information)
    • Encrypting PII data
    • Masking PII data where displayed
    • Audit log when unmasked PII is requested.
    • Users should be able to view a log of who viewed their data and for what purpose.
    • Remove or Hash PII data before sending data into analytical databases.
  3. 3.
    Ownership of data must reside with the user
    • Users should be able to view their data.
    • Users should be able to request corrections to their data with appropriate proof.
  4. 4.
    Consent
    • User consent to use data should be taken explicitly and stored.
    • Users should be able to withdraw their consent at any time.
    • Users should be able to request for deletion of their data.
  5. 5.
    Purpose limitation
    • The purpose for all data stored about the user must be defined and published.
Previous
Approaches to handle Encrypted Data
Next
Privacy Design
Last modified 3mo ago
All content on this page by eGov Foundation is licensed under a Creative Commons Attribution 4.0 International License.