Scope
This document provides security and privacy-preserving guidelines for multi-sourced data processing. It includes a model for multi-sourced data processing, identifies the stakeholders and the security and privacy risks related to multi-sourced data processing, and provides a framework to mitigate the identified security and privacy risks, with guidance on applying security and privacy controls.
Purpose
Compared to single-source data, processing multi-sourced data from different providers offers the ability to conduct correlated analysis on a richer data set, and more information can be extracted to guide decision-making in business operations, leading to better customer services. The variety of data from multiple sources may make the data processing more productive. ISO/IEC TR 23186:2018, "Information technology – Cloud computing – Framework of trust for processing of multi-sourced data", describes scenarios of using multi-sourced data to reduce traffic deaths and injuries, for home automation, and for automotive operations.
Meanwhile, there are security and privacy risks (such as data leakage, re-identification, data misuse, etc.) that need to be mitigated during the data processing.
There has been a series of standards on big data architecture, trust for multi-sourced data processing, security and privacy, etc. Some of them provide requirement statements and some provide a high-level framework, but guidance on implementation, and on which security and privacy mechanisms are applicable to the specific scenario of multi-sourced data processing, is absent.
The stakeholders of multi-sourced data processing need standards as guidance and need to implement relevant technical solutions, such as prevention of re-identification from multi-sourced data, authorization consistency checking and confirmation of multi-sourced data, etc., to ensure that the data processing is secure and privacy-preserving. Clear technical terms in the standard could also reassure the stakeholders (data providers, service providers, end users, etc.) when sharing data. This proposal is intended to provide guidelines on how to mitigate the security and privacy risks in multi-sourced data processing scenarios and to help reassure the stakeholders in technical ways.