Question

Tasks

After your successful engagement to provide a security and privacy risk assessment for the DAS, you have again been engaged to develop a Personally Identifiable Information (PII) privacy and personal data protection strategy for the MyLicence portal.

You are to write a report that proposes appropriate policies for DAS in the following areas:

1. Develop a PII strategy proposal for the DAS MyLicence portal. The strategy should consider the threats and risks to both Privacy and data protection for the PII data collected in the MyLicence portal as well as possible controls to mitigate the identified risks.
2. Develop a strategy to protect the informal Digital Identity that a user may create in the MyLicence portal. You should consider both the privacy and data protection aspects for a digital identity as well as possible controls to mitigate the identified risks.
3. Develop a strategy to ensure data sovereignty for the MyLicence portal
4. Develop a PowerPoint or Google slides presentation that gives a comprehensive overview of the three (3) tasks in a maximum of 30 slides. (20 marks

Answer 1

1.In the licence portal, end user needs to give all the personal information so there is higher chance of mishandling the information, taking to different sites and while entering the text hacker can get the info through your keyboard,there are higher chances for spying the information mainly contact number.These are some of the risks associated with the portal.

To get rid of these risks we can use Encryption method.By encrypting the data we can somehow manage to save the information from hackers.Portal needs to backup the information given by the users.There should be password system to access the licence and this also should be a 2 way password system.As the portal is website there will be many links which takes the user to other phishing pages, to avoid this government has to take the initiative and develop a software that doesn't allow any links in the website.

2. The major threat involved in this digital one is saving the user information and holding it for longer periods,accepting the cookies.

To avoid this firstly we need to avoid uploading the digital ones which are holding sensitive information using drives, any cloud storages because they can backup the data and store it.Never accept the cookies unless reading it thoroughly.Read the cookie popup completely and check what information we are providing to them.After completing the submission, make sure to clear the cookie data from your browser.

3.In this licence portal, as it is a government one most of the user's data will be stored.To make this place safe we need to *encrypt the whole data,

*understand the requirement of the data and get only the relevant and important information from the users.

*None of the data should leave the portal without user action

*They should be perfect authentication system with two way password control.

*As this portal is of renewing the new application, make sure to dispose the old data, media or any information safely.We can do this by overwriting on the information or any kind of physical destruction.

* Advice users to use secure connections, advice user not to use a public network.

* change the keys for the database frequently.

*Advice the user to not share passwords with any person or showcase it.Password should be a confidential one.

Thus, this is a strategy to ensure data sovereignty for Mylicence portal.