Data Sanitisation and Redaction for Cyber Threat Intelligence Sharing Platforms

Abstract: The recent technological advances and the recent changes in the daily human activities increased the production and sharing of data. In the ecosystem of interconnected systems, data can be circulated among systems for various reasons. This could lead to exchange of private or sensitive information between entities. Data Sanitisation involves processes and practices that remove sensitive and private information from documents before sharing them with entities that should not be exposed to the removed informatio… Show more

“…Privacy has also been considered through a technical lens looking, for example, at how technical manipulation of data can be achieved. This may involve redacting, obfuscating or removing PII [16][17][18][19]. Alternatively, privacy may be achieved through security controls, such as user authentication [20], or more secure system design [21].…”

“…For the DPA this requires that the business maintains a record of their processing activities (GDPR, Recital 82), including details of the data they collect and why (Article 30), and provide the DPA with any information requested as part of any investigation carried out (GDPR, Article 57). For the customers accountability requires that the business is open and transparent about their data processing practices and providing users with a mechanism for asserting their rights, e.g., should they wish to assert their rights in relation to data pertaining to them (Articles [16][17][18][19][20][21][22] this information is available for them to see.…”

Privacy Goals for the Data Lifecycle

“…Privacy has also been considered through a technical lens looking, for example, at how technical manipulation of data can be achieved. This may involve redacting, obfuscating or removing PII [16][17][18][19]. Alternatively, privacy may be achieved through security controls, such as user authentication [20], or more secure system design [21].…”

“…For the DPA this requires that the business maintains a record of their processing activities (GDPR, Recital 82), including details of the data they collect and why (Article 30), and provide the DPA with any information requested as part of any investigation carried out (GDPR, Article 57). For the customers accountability requires that the business is open and transparent about their data processing practices and providing users with a mechanism for asserting their rights, e.g., should they wish to assert their rights in relation to data pertaining to them (Articles [16][17][18][19][20][21][22] this information is available for them to see.…”

Privacy Goals for the Data Lifecycle