A Short Course on Data Protection & Privacy Techniques

(Laws - Regulations - Compliances - Guidelines)

IIT Bombay

Introduction to Data Privacy

• Authentication, Authorization, Identity
• Life-cycle of data, PII
• Data Utility and Privacy
• Views on Privacy

• Predominant Views of Privacy
• Contextual Integrity
• Privacy rights in the context
• Inverse privacy

Role of Technology: Data Protection & Privacy

• Data protection principles
• Sanitization, Anonymity, Pseudo-anonymity
• Anonymization Techniques:

• k-anonymity, l-diversity, t-closeness
• Generalization, masking, swapping, perturbation, anatomization

• Re-identification risks

• membership/attribute/identity disclosure

• Violations via leakage,

• Linkability and Inference Control
• Business Analytics

•  Differential Privacy

• Various Approaches
• A role for the census, industrial streaming user data

Data Laws & Regulations

• Privacy in Healthcare Data

• HIPAA

• Personal Data Protection

• GDPR
• Indian laws

• Technology to Protect Privacy
• Personal data Store Web 3.0

Challenges & Guidelines

• AI/ML, Explainable AI, Fairness
• OSNs: Facebook
• Best Practices & Guidelines
• OECD Guidelines
• NIST Privacy Framework

Hands-on Tools

Some exposure to selected typical tools for large statistical or tools for differential privacy used by Google, Apple etc.

About the course:

Data is new Gold. Every organization that deals with data have to have a strategy to protect the data it handles and also a policy to utilize that data in a privacy-preserving fashion. Not having a data protection mechanism in place and not providing privacy to the data has adverse financial, legal, and reputational consequences for the organization. Therefore, in the pretext of upcoming data protection and privacy law, it is of paramount importance to evaluate the prevalent data protection strategies and associated privacy practices of an organization. The audience will be exposed to the fundamental nature of information, information processing, information protection, and how the notion of privacy emerges. IT Law and the proposed PDP Act can be enforced effectively when the legal interpretation is derived with a clear understanding of the nature of the information. We shall explore how technology plays a vital role in not only preserving privacy but also breaking it; thus, helping you to demarcate the role of law and technology in realizing an effective suite of the data protection & privacy techniques.

The course is organized into three parts. In the first part, the concepts and methodologies required throughout the life-cycle of the data will be presented. The second part of the course deals with: the laws, regulations, and compliances across major global economies; then, their practical limitations and possible measures to mitigate the risks emanating from such limitations. The third part of this course deals with the best practices, and architectural guidelines for data life-cycle management followed by live demonstrations of some tools that will be useful to the practitioners working in this field.

Who should attend:

The course is designed for persons who are involved in roles related to data life-cycle management. The course will also benefit the persons from risk management, regulation, and compliance divisions to understand the scope of technological methods used for an effective data protection and privacy regime.

Who Would be the Beneficiaries

• BPO industry
• Healthcare
• Financial services
• Insurance
• Legal Services

Course coordinators:

Prof. RK Shyamasundar (Computer Science & Engineering, IIT Bombay)

Prof. Virendra Singh (Computer Science & Engineering, IIT Bombay)

Prof. Sarthak Gaurav (School of Management, IIT Bombay)

Dr. Vishwas Patil (Computer Science & Engineering, IIT Bombay)

Further details: ivishwas@gmail.com / ivishwas@iitb.ac.in 

Last updated on: April 13, 2022