Information and Data Privacy:
An Indian Perspective




Why is this important? Public concern about
privacy.
Considerable concern in developed countries on
the issue of using a customer’s personal
information or data for intrusive and malicious
purposes.
Not much importance in developing countries
like India because of lack of awareness and also
perceptions differ.
Concept of privacy is different in different
countries and cultures.
1
Introduction



Recent advances in Data Mining enable
extraction of patterns about consumers based
on data that is available freely on the web
Extracting meaningful and useful knowledge
from consumer data is necessary to serve the
consumer better, offer better services and also in
some cases for security purposes
Also fraught with the risk of infringing on the
consumer’s individual privacy as ‘confidential’
information about a customer may be used to
discriminate against him/her.
2
Objective




Review current privacy problems
Analyze the existing or stated privacy policies of
some leading companies in India in the telecom,
banking and insurance sectors to see if they
agree and if not what are the significant
differences.
Introduce the concept of Privacy Preserving
Data Mining (PPDM) and describe the main
approaches.
Come up with a framework to suggest which
PPDM method may be applied in which
domain.
3
Key Findings
Sector\Comppany
Airtel
Vodafone
Reliance
Telecom
Policy exists
Policy exists
Policy exists
Only company that
emphasizes on the
issue of sharing
customers’
information outside
India. Applicability
of Indian privacy
policies or laws in
other countries
where the data
may be stored is a
complex matter.
Can have security
implications.
4
Key Findings(Cont.)
Sector
Banking
Company
ICICI
HDFC
State Bank of
India (SBI)
Policy exists
Policy exists
Policy exists
May use private Does not allow
sharing
data to protect
customers
bank's interest
confidential
information
unless
required by
law
Only bank to
have a clear
policy on how
to limit access
to customer
information by
their employees
5
Key Findings(Cont.)
Sector
Company
Insurance
LIC
ICICI Lombard HDFC-SL
Policy exists
Policy exists
Policy exists
May collect
unnamed statistics
which do not
personally
identify the user.
Reserves right to
perform statistical
analyses but will
provide only
aggregated data
from these
analyses to third
parties
Log files are
analyzed so that
individual user is
not identified.
HDFC_SL
retains the right
to share
aggegated nonpersonally
identifiable
information with
third parties.
All companies can
share aggregate
data and overall
trends without
revealing individual
identity
6
Key Recommendations
Sector
Recommendations
Telecom
Data Transformation
/randomization under
PPDM approach
Banking
Secure Multiparty
computaion under
PPDM related
methods
Insurance
Vertically partitioning
the Data followed by a
simple Data
transformation
7
Recommendation Justifications


In the Telecom domain companies primarily
collect personal data on calling patterns and
conduct surveys for planning. Customers would
give share more accurate information if they
knew their privacy would be protected, therefore
Data transformation/randomization is proposed.
In Banking sector different parties wish to share
results on joint data owned by different parties
and so secure multiparty computation is
suggested.
8
Recommendation
Justifications(Cont.)



In insurance sector one has to deal with
sensitive information like private health records.
It is crucial that the personal data identifying an
individual uniquely , their medical history and
DNA sequences (if available) are stored such
that they can not be brought together by a
common user.
Vertical partitioning of the data followed by a
simple transformation of the private data is
therefore suggested.
9
Conclusion




Policies on Information sharing are inconsistent
across domains and across companies
Personal information is not always separated
from public information
Policy makers in telecom, banking and
insurance should be aware of privacy breaches
as a result of data mining on publicly available
data and therefore possible misuses.
Use of PPDM methods as suggested in
appropriate domains will ensure benefits of data
mining to reach the consumer without the
associated pitfalls
10