Securing Personally Identifiable Information: A Survey of SOTA Techniques, and a Way Forward

The current age is witnessing an unprecedented dependence on data originating from humans through the devices that comprise the Internet of Things. The data collected by these devices are used for many purposes, including predictive maintenance, smart analytics, preventive healthcare, disaster protection, and increased operational efficiency and performance. However, most applications and systems that rely on user data to achieve their business objectives fail to comply with privacy regulations and expose users to numerous privacy threats. Such privacy breaches raise concerns about the legitimacy of the data being processed. Hence, this paper reviews some notable techniques for transparently, securely, and privately separating and sharing personally identifiable and non-personally identifiable information in various domains. One of the key findings of this study is that, despite various advantages, none of the existing techniques or data sharing applications preserve data/user privacy throughout the data life cycle. Another significant issue is the lack of transparency for data subjects during the collection, storage, and processing of private data. In addition, as privacy is unique to every user, there cannot be a single autonomous solution to identify and secure personally identifiable information for users of a particular application, system, or people living in different states/countries. Therefore, this research suggests a way forward to prevent the leakage of personally identifiable information at various stages of the data life cycle in compliance with some of the common privacy regulations around the world. The proposed approach aims to empower data owners to select, share, monitor, and control access to their data. In addition, the data owner is a stakeholder and a party to all data sharing contracts related to his personal data. The proposed solution has broad security and privacy controls that can be tailored to the privacy needs of specific applications.