THREE-LAYER MODEL FOR LEARNER DATA ANONYMIZATION
1 Technical University Sofia, Computer Systems and Technologies (BULGARIA)
2 Sofia University (BULGARIA)
About this paper:
Conference name: 14th International Technology, Education and Development Conference
Dates: 2-4 March, 2020
Location: Valencia, Spain
Abstract:
Learning Management Systems (LMS) collect and process personal information for different activities and at the same time have to be compliant with the General Data Protection Regulation (GDPR). Different LMS systems use different information, database schemas, backup/restore policies, etc., so the data collected for analysis and reporting purposes differs from one system to another. At the same time, companies in the EU that manage personal information are obliged to comply with the GDPR. Therefore, even for the purposes of analysis, reporting and statistics, the original data cannot be used, or can be used only to a certain extent.
The GDPR is the European Union regulation that applies to any individual or organization processing or storing the personal information of EU citizens. GDPR compliance brings specific requirements for processing and keeping personal information, which inevitably leads to the need for corresponding changes in the systems that deal with such information. This research provides a comprehensive review of the different types of data and their lifecycle. It also proposes a mechanism to make the data anonymous in accordance with the GDPR, taking into account the students' personal preferences.
Data anonymization is the process of removing personally identifiable information from data. It is done in such a way as to guarantee that the privacy of individuals is maintained; in other words, the data subject can no longer be identified.
De-anonymization is the reverse process, in which anonymized data is cross-referenced with other data sources in order to re-identify the data subjects. For example, census data may be released for statistical purposes with all names, addresses, postal codes and other identifying data removed from the public disclosure; de-anonymization attempts to recover identities from what remains by matching it against other sources.
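The two definitions above can be made concrete with a small linkage attack. The following is an added example, not code from the paper: it strips the direct identifiers (name, e-mail) from a constructed LMS grade export, the naive reading of "anonymization", then cross-references the remaining attributes (postcode, birth year, sex) against a constructed public roster, which re-identifies most rows. It then applies a generalization step and measures the smallest group size (k-anonymity) to show why the quasi-identifiers, not just the names, have to be treated. All records, field names and the chosen generalization levels are assumptions for the demonstration.

```python
"""Removing direct identifiers is not enough: a linkage (de-anonymization)
attack on a learner data export, and a generalization countermeasure.

Added example, not code from the paper; every record below is constructed.
"""
from collections import defaultdict

# Constructed raw LMS records: direct identifiers plus quasi-identifiers.
RAW_LMS = [
    {"name": "Ivanka Petrova", "email": "ip@example.edu", "postcode": "1000",
     "birth_year": 1999, "sex": "F", "grade": 5.50},
    {"name": "Georgi Dimitrov", "email": "gd@example.edu", "postcode": "1000",
     "birth_year": 2000, "sex": "M", "grade": 4.25},
    {"name": "Maria Georgieva", "email": "mg@example.edu", "postcode": "1113",
     "birth_year": 1999, "sex": "F", "grade": 3.00},
    {"name": "Petar Ivanov", "email": "pi@example.edu", "postcode": "1113",
     "birth_year": 2001, "sex": "M", "grade": 6.00},
]

# Constructed public roster (e.g. a club listing) an attacker can cross-reference.
PUBLIC_ROSTER = [
    {"name": "Ivanka Petrova", "postcode": "1000", "birth_year": 1999, "sex": "F"},
    {"name": "Georgi Dimitrov", "postcode": "1000", "birth_year": 2000, "sex": "M"},
    {"name": "Maria Georgieva", "postcode": "1113", "birth_year": 1999, "sex": "F"},
    {"name": "Petar Ivanov", "postcode": "1113", "birth_year": 2001, "sex": "M"},
    {"name": "Nikola Kolev", "postcode": "1113", "birth_year": 2001, "sex": "M"},
]

DIRECT_IDS = ("name", "email")
QUASI_IDS = ("postcode", "birth_year", "sex")


def strip_direct_identifiers(records, fields=DIRECT_IDS):
    """Naive anonymization: drop name/email, keep everything else, add a row id."""
    return [{"rid": i, **{k: v for k, v in r.items() if k not in fields}}
            for i, r in enumerate(records, start=1)]


def qi_key(rec, fields=QUASI_IDS):
    """Tuple of the quasi-identifier values used for matching and grouping."""
    return tuple(rec[f] for f in fields)


def link(export, roster):
    """Join export and roster on the quasi-identifiers: {rid: [candidate names]}."""
    index = defaultdict(list)
    for r in roster:
        index[qi_key(r)].append(r["name"])
    return {e["rid"]: index.get(qi_key(e), []) for e in export}


def reidentified(export, roster):
    """Row ids whose quasi-identifiers match exactly one named person."""
    return {rid for rid, names in link(export, roster).items() if len(names) == 1}


def generalize(rec):
    """Coarsen quasi-identifiers: 1-digit postcode prefix, birth decade, no sex.
    The right level of generalization depends on the data; this level is an
    assumption chosen so that the constructed export becomes 2-anonymous."""
    g = dict(rec)
    g["postcode"] = rec["postcode"][:1] + "***"
    g["birth_year"] = (rec["birth_year"] // 10) * 10
    g["sex"] = "*"
    return g


def k_anonymity(records, fields=QUASI_IDS):
    """Size of the smallest group of records sharing the same quasi-identifier values."""
    counts = defaultdict(int)
    for r in records:
        counts[qi_key(r, fields)] += 1
    return min(counts.values())


if __name__ == "__main__":
    export = strip_direct_identifiers(RAW_LMS)
    print("k before:", k_anonymity(export),
          "re-identified rows:", sorted(reidentified(export, PUBLIC_ROSTER)))
    gen_export = [generalize(e) for e in export]
    gen_roster = [generalize(r) for r in PUBLIC_ROSTER]  # attacker coarsens the same way
    print("k after:", k_anonymity(gen_export),
          "re-identified rows:", sorted(reidentified(gen_export, gen_roster)))
```

Before generalization three of the four grade rows map to exactly one name in the roster even though the export contains no names; after generalization every row shares its quasi-identifier values with at least one other row, and the linkage only yields groups of candidates. In a real LMS export the quasi-identifiers are usually richer (enrolment dates, course combinations, login times), so the check has to be repeated against the actual attribute set rather than the three used here.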
The paper proposes a method for collecting (capturing, storing and maintaining) personal information for the purposes of analysis and reporting. The main goal is to present the proposed Learning Management System (LMS) Anonymized Privacy Model (APM), which is independent of any specific LMS and consists of an integration layer (called the Privacy Compliance Layer), a Data Anonymization Layer and an Analysis & Reporting Layer. The structure of the three layers of the presented model is described in detail. Finally, some examples and possible further research are reviewed.
Keywords:
Data security, data anonymization, LMS, software models.