GDPR is clear on that matter: privacy must be enforced by design, and that implies proper Access Rights Management. But how do you manage it in a world where websites and other apps must follow a roadmap under time pressure?
Access Rights Management
Privacy by Design means ensuring segregation of data and privileges so that privacy is never compromised during the full data lifecycle. Authentication under various forms is of course a first mandatory step before being able to apply the proper authorisations, but once strongly authenticated the Access Rights Management challenge only begins.
The WWWW (Who What Where When) challenge
Granted that the user is authenticated, fine-grained Access Rights Management has to be present during the full data lifecycle and adapt to each context in which private data might be accessed. The biggest Privacy by Design challenge is to manage WWWW (Who What Where When).
This means:
- WHO: Knowing who can view/act on private data (which users)
- WHAT: Knowing which data the user can act on
- WHERE & WHEN: Knowing in which context the user can access such data (in which state of the process)
This is clearly a much harder task than implementing basic access rights management, or even fine-grained access rights management. Maintaining code that will keep delivering the right answer to this question is a long-term challenge. See what usually happens:
- The specifications of who can access/change data are defined once (very often as a poorly specified by-product of a User Interface design)
- Those specifications are coded into the web service that delivers data to the application
- The process changes slightly, modifying the access rights specifications in some specific cases
- Those restrictions are added to the code base
- The process changes again slightly
- The impact on access rights is reflected in the code base
- The website gets hacked because the combinations of access possibilities generate overly complex code, which is prone to errors
Maintaining Privacy by Design through WWWW by design
By using the Confidentializer framework, applications do not have to manage the Who What Where When challenge by themselves. Permissions granted to entities, groups of entities, even individual bits of data are described in a declarative way. Application states are modelled with every single change in privacy, whether it is an access rights upgrade/downgrade, a removal of data existence visibility, a change in the actions a user may perform or be aware of…
The Confidentializer engine does the rest and calculates the effective privileges of each user, in real time, taking into account mixed situations with contextual and static access rights. Delegation during holidays is fully managed, as well as dynamic allocation of privileges to specific objects for a specific user.
This true Privacy by Design approach eliminates privacy breaches due to miscoded combinations of rights. Just declare Who can see What When/Where along the Data Set lifecycle, and the system will return the effective access privilege to each individual bit of data.
In order to simplify the development of highly interactive yet secure front ends, Confidentializer goes one step further and also manages the “Read Write Must” concept. The classic Read and Write access privileges are complemented by a “Must” indicator which lets the User Interface show that the user has something specific to do. This is done without having to develop a specific service. This very convenient feature is part of the Lean Management heritage of our product lineup.
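To make the WWWW model and the Read/Write/Must idea concrete, here is a small declarative policy engine written for this page as an added example; it is not Confidentializer's code and does not show its API. Instead of coding an `if` branch per role and per process state (the failure mode described in the list above), every permission is one row in a rule table keyed by WHO (a role), WHAT (a field), and WHERE/WHEN (the lifecycle states in which it applies). The engine computes effective privileges per field, denies by default, hides fields that no rule mentions (data existence visibility), resolves contextual roles such as "owner" and "manager" per record, honours a holiday delegation window, and carries the "must" flag so a front end can tell the user there is something to do. The "leave request" data set, its states and fields, the users alice/bob/carol/dave and the delegation dates are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import date

# Constructed lifecycle of a "leave request" data set (WHERE/WHEN dimension).
STATES = ("draft", "submitted", "approved", "closed")


@dataclass(frozen=True)
class Rule:
    """One declarative WWWW statement: WHO (role) may do WHAT (field)
    WHERE/WHEN (set of states), with read / write / must flags."""
    role: str
    fld: str               # field name, or "*" for every field of the record
    states: frozenset
    read: bool = False
    write: bool = False
    must: bool = False


def rule(role, fld, states, read=False, write=False, must=False):
    return Rule(role, fld, frozenset(states), read, write, must)


# Constructed policy table. Nobody is ever granted "medical_note" except the
# owner and the manager, so for HR the field is not even listed (hidden existence).
POLICY = [
    rule("owner",   "*",        {"draft"},                          read=True, write=True, must=True),
    rule("owner",   "*",        {"submitted", "approved", "closed"}, read=True),
    rule("manager", "*",        {"submitted", "approved", "closed"}, read=True),
    rule("manager", "decision", {"submitted"},                      read=True, write=True, must=True),
    rule("hr",      "dates",    {"approved", "closed"},             read=True),
    rule("hr",      "decision", {"approved", "closed"},             read=True),
]

# Static roles (constructed); contextual roles come from the record itself.
STATIC_ROLES = {"alice": set(), "bob": set(), "carol": {"hr"}, "dave": set()}


@dataclass
class Record:
    owner: str
    manager: str
    state: str
    fields: tuple = ("dates", "medical_note", "decision")


@dataclass(frozen=True)
class Delegation:
    """delegate acts with the delegator's roles between start and end (inclusive)."""
    delegator: str
    delegate: str
    start: date
    end: date


# Constructed holiday delegation: bob hands his manager duties to dave.
DELEGATIONS = [Delegation("bob", "dave", date(2024, 7, 1), date(2024, 7, 14))]
IN_HOLIDAY = date(2024, 7, 5)
AFTER_HOLIDAY = date(2024, 7, 20)


def contextual_roles(user, record, delegations, today):
    """Resolve WHO for this record: static roles plus owner/manager roles,
    including those inherited through a delegation active on `today`."""
    identities = {user} | {d.delegator for d in delegations
                           if d.delegate == user and d.start <= today <= d.end}
    roles = set()
    for ident in identities:
        roles |= STATIC_ROLES.get(ident, set())
        if record.owner == ident:
            roles.add("owner")
        if record.manager == ident:
            roles.add("manager")
    return roles


def effective_privileges(user, record, delegations=(), today=None):
    """Return {field: {"read", "write", "must"}} for this user on this record.
    Deny by default: a field with no matching rule is absent from the result."""
    today = today or date.today()
    roles = contextual_roles(user, record, delegations, today)
    result = {}
    for r in POLICY:
        if r.role not in roles or record.state not in r.states:
            continue
        targets = record.fields if r.fld == "*" else (r.fld,)
        for f in targets:
            privs = result.setdefault(f, {"read": False, "write": False, "must": False})
            privs["read"] |= r.read
            privs["write"] |= r.write
            privs["must"] |= r.must
    return result


def has_something_to_do(privs):
    """What a front end would check to flag a pending action for the user."""
    return any(p["must"] for p in privs.values())


if __name__ == "__main__":
    req = Record(owner="alice", manager="bob", state="submitted")
    for user in ("alice", "bob", "carol", "dave"):
        print(user, effective_privileges(user, req, DELEGATIONS, IN_HOLIDAY))
```

A process change then becomes a change to one or two rows of `POLICY` rather than a new branch somewhere in a web service, and the same evaluator answers for every role/state combination, which is the property the page is after: no hand-written combination of rights can be miscoded because none is hand-written.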