Information (Feb 2025)
Proactive Data Categorization for Privacy in DevPrivOps
Abstract
Assessing privacy within data-driven software is challenging due to its subjective nature and the diverse array of privacy-enhancing technologies. A simplistic personal/non-personal data classification fails to capture the nuances of data specifications and potential privacy vulnerabilities. Robust, privacy-focused data categorization is vital for a deeper understanding of data characteristics and the evaluation of potential privacy risks. We introduce a framework for Privacy-sensitive Data Categorization (PsDC), which accounts for data inference from multiple sources and behavioral analysis. Our approach uses a hierarchical, multi-tiered tree structure, encompassing direct data categorization, dynamic tags, and structural attributes. PsDC is a data-categorization model designed for integration with the DevPrivOps methodology and for use in privacy-quantification models. Our analysis demonstrates its applicability in network-management infrastructure, service and application deployment, and user-centered design interfaces. We illustrate how PsDC can be implemented in these scenarios to mitigate privacy risks. We also highlight the importance of proactively reducing privacy risks by ensuring that developers and users understand the privacy “value” of data.
Keywords
