
9. Technology Architecture
The Committee considered some technology-related guiding principles that can be used for the creation and functioning of shared data directories / databases, and for digitally implementing the rules and regulations related to data sharing.
Key Takeaways – Technology Architecture
o API mechanisms for accessing data
o Data security – storage in distributed format
o Creating a standardized data exchange approach (regardless of data type, exchange method or platform)
o Prevent de-anonymization – Best of breed Differential Privacy algorithms
9.1. The guiding principles for such a technology architecture include:
i. Mechanisms for accessing data – A number of different mechanisms exist for accessing data including downloads, Application Programming Interfaces (APIs), and data sandboxes.
   o All sharable Non-Personal Data and datasets created or maintained by government agencies, companies, startups, universities, research labs, non-government organisations, etc. should have a REST (Representational State Transfer) API for accessing the data.
   o Data sandboxes can be created where experiments can be run and algorithms can be deployed, with only the output being shared, without sharing the data.
ii. Distributed for data security – data storage in a distributed format so that there is no single point of leakage; sharing to be undertaken using APIs only, such that all requests can be tracked and logged; all requests for data must be made after registering with the company for data access etc. Even when data is stored in a distributed or federated form, as appropriate, there could be coordinated management of it, as would be required for data trusts and data infrastructures for important Non-Personal Data in different sectors.
iii. Creating a standardized data exchange approach (regardless of data type, exchange method or platform)
   o Data that is collated should be available appropriately on a data exchange for stakeholders to use and make inferences.
   o Exchange should be able to take in any form of data and produce output that is standardized and usable to all stakeholders.
iv. Prevent de-anonymization – Best of breed Differential Privacy algorithms may be used to create anonymised data. Mechanisms must be put in place to ensure that re-identification of anonymised data does not occur.
   o A number of other technologies can come into play in managing data: differential privacy replaces one data set with another that includes different information, but has the same statistical patterns; homomorphic encryption allows algorithms to crunch data without decrypting them; and blockchains enable one to manage data access rights 34.
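The following is an added example, not part of the Committee's report or its Appendix 7 architecture. It sketches how principles i, ii and iv can combine in one access path: a sandbox that answers only registered requesters, logs every request, and releases only a differentially private count instead of rows. The class `DataSandbox`, its method names, the per-requester privacy budget and the sample rows are assumptions made for illustration.

```python
import random

# Constructed sample rows (not real data): (district, units)
RECORDS = [("north", 120), ("north", 95), ("south", 210),
           ("south", 180), ("south", 160)]


class DataSandbox:
    """Hypothetical sandbox: rows stay inside, only noisy counts leave."""

    def __init__(self, records, total_epsilon, rng=None):
        self._records = list(records)
        self._rng = rng or random.SystemRandom()
        self._total_epsilon = total_epsilon
        self._budget = {}      # registered requester -> remaining epsilon
        self.audit_log = []    # one entry per request, answered or refused

    def register(self, requester):
        self._budget[requester] = self._total_epsilon

    def _laplace(self, scale):
        # Difference of two exponentials with mean `scale` is Laplace(0, scale).
        return (self._rng.expovariate(1.0 / scale)
                - self._rng.expovariate(1.0 / scale))

    def noisy_count(self, requester, district, epsilon):
        """Rows in `district`, plus Laplace noise of scale 1/epsilon.

        A count changes by at most 1 when one row is added or removed
        (sensitivity 1), so this release is epsilon-differentially private.
        """
        remaining = self._budget.get(requester)
        if remaining is None:
            outcome = "refused: not registered"
        elif epsilon <= 0 or epsilon > remaining:
            outcome = "refused: budget"
        else:
            outcome = "answered"
            self._budget[requester] = remaining - epsilon
        # Log every request, including refused ones, before responding.
        self.audit_log.append({"requester": requester, "district": district,
                               "epsilon": epsilon, "outcome": outcome})
        if outcome != "answered":
            raise PermissionError(outcome)
        true_count = sum(1 for d, _ in self._records if d == district)
        return true_count + self._laplace(1.0 / epsilon)
```

The budget is tracked per requester, so it bounds what one registered party learns; it does not by itself limit what several requesters learn if they pool their answers.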
9.2. The Committee has encapsulated these technical guiding principles into an illustrative three-tiered system architecture spanning legal safeguards, technology and compliance. Refer to Appendix 7. There may also be other appropriate ways to technically implement the recommendations of this Committee.
34 https://www.economist.com/special-report/2020/02/20/are-data-more-like-oil-or-sunlight