Securing Personally Identifiable Information: A Survey of SOTA Techniques, and a Way Forward

Imran Makhdoom; Mehran Abolhasan; Justin Lipman; Negin Shariati; Daniel Franklin; Massimo Piccardi

doi:10.1109/ACCESS.2024.3447017

IEEE Access (Jan 2024)

Securing Personally Identifiable Information: A Survey of SOTA Techniques, and a Way Forward

Imran Makhdoom,
Mehran Abolhasan,
Justin Lipman,
Negin Shariati,
Daniel Franklin,
Massimo Piccardi

Affiliations

Imran Makhdoom: ORCiD; Faculty of Engineering and IT, University of Technology Sydney, Ultimo, Australia
Mehran Abolhasan: ORCiD; Faculty of Engineering and IT, University of Technology Sydney, Ultimo, Australia
Justin Lipman: ORCiD; Faculty of Engineering and IT, University of Technology Sydney, Ultimo, Australia
Negin Shariati: ORCiD; Faculty of Engineering and IT, University of Technology Sydney, Ultimo, Australia
Daniel Franklin: ORCiD; Faculty of Engineering and IT, University of Technology Sydney, Ultimo, Australia
Massimo Piccardi: ORCiD; Faculty of Engineering and IT, University of Technology Sydney, Ultimo, Australia

DOI: https://doi.org/10.1109/ACCESS.2024.3447017
Journal volume & issue: Vol. 12
pp. 116740 – 116770

Abstract

Read online

The current age is witnessing an unprecedented dependence on data originating from humans through the devices that comprise the Internet of Things. The data collected by these devices are used for many purposes, including predictive maintenance, smart analytics, preventive healthcare, disaster protection, and increased operational efficiency and performance. However, most applications and systems that rely on user data to achieve their business objectives fail to comply with privacy regulations and expose users to numerous privacy threats. Such privacy breaches raise concerns about the legitimacy of the data being processed. Hence, this paper reviews some notable techniques for transparently, securely, and privately separating and sharing personally identifiable and non-personally identifiable information in various domains. One of the key findings of this study is that, despite various advantages, none of the existing techniques or data sharing applications preserve data/user privacy throughout the data life cycle. Another significant issue is the lack of transparency for data subjects during the collection, storage, and processing of private data. In addition, as privacy is unique to every user, there cannot be a single autonomous solution to identify and secure personally identifiable information for users of a particular application, system, or people living in different states/countries. Therefore, this research suggests a way forward to prevent the leakage of personally identifiable information at various stages of the data life cycle in compliance with some of the common privacy regulations around the world. The proposed approach aims to empower data owners to select, share, monitor, and control access to their data. In addition, the data owner is a stakeholder and a party to all data sharing contracts related to his personal data. The proposed solution has broad security and privacy controls that can be tailored to the privacy needs of specific applications.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords