User data privacy design and principles
Privacy is a shared responsibility. DIGIT building blocks make privacy compliance easier wherever possible. Guidelines are provided for Platform, Product, and Program teams, which they must follow to ensure privacy.
DIGIT is designed to ensure and enable the following Privacy Principles and Practices.
DIGIT core building blocks provide the following capabilities to enable these principles and practices.
API Gateway ensures that no data is accessible without authentication and authorisation.
User Services provides authentication services.
Role Services provides the ability to configure roles and limit access each role has to specified data and services.
Encryption Services provides the ability to encrypt all the data.
Audit Services logs all changes made to all data in a signed audit log.
Persister Service emits data which is stored as Signed Verifiable Certificates in certificate service. This can be pushed into Citizen Data Wallets, if available. (Ongoing - Expected Release Date - March 2024)
Consent Adapter enables external consent frameworks, such as India's Account Aggregator, to access data from DIGIT. (Planned - Expected Release Date - June 2024)
The following privacy guidelines must be followed by teams building products on DIGIT and by teams implementing programs that use those products.
Ensure a privacy policy that complies with local laws is published with every solution deployed in production.
Identify all PII and ensure it is stored only in the User and Individual Services.
Configure roles and access based on purpose -- only roles with a defined purpose for the data should be able to access it.
Provide users/roles only the minimal access required to perform their activity.
Design forms to capture from users only data that has a well-defined purpose.
Leverage Persister Service when storing data.
Leverage Encryption Service to encrypt sensitive data before storage.
Archive and store data in line with local laws, regulations, and the requirements of the domain. Where aggregate or anonymised data is sufficient, store that rather than PII.
Anonymise PII before emitting data for analysis or reporting.
Provide citizens with the ability to view and request changes to their personal data.
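Added example, not DIGIT's own code: a small Python illustration of two of the guidelines above, purpose-based role access with minimal field projection, and anonymising PII before a record is emitted for reporting. The role names, policy table, sample record and pseudonymisation key are all constructed for the demonstration; in a real deployment the policy would live in Role Services and the key in the encryption/key service.

```python
import hashlib
import hmac

# Constructed role -> purpose -> readable fields policy (stands in for a Role Services configuration).
ACCESS_POLICY = {
    "LICENCE_APPROVER": {"licence_approval": {"name", "mobileNumber", "address", "tradeName"}},
    "REPORT_VIEWER": {"monthly_report": {"tradeName", "ward"}},
}

# Direct identifiers; per the guidelines these belong only in the User/Individual Services.
PII_FIELDS = {"name", "mobileNumber", "address"}

# Constructed sample record used as input for the demonstration.
SAMPLE_RECORD = {
    "name": "Asha Kumari",
    "mobileNumber": "9876543210",
    "address": "12 Gandhi Road",
    "tradeName": "Asha Stores",
    "ward": "Ward 7",
}

# Constructed demo key; a deployment would fetch this from the encryption/key service, never hard-code it.
PSEUDONYM_KEY = b"constructed-demo-key"


def fields_for(role, purpose):
    """Fields a role may read for a stated purpose; empty set when the role has no such purpose."""
    return ACCESS_POLICY.get(role, {}).get(purpose, set())


def read_for_purpose(record, role, purpose):
    """Return only the fields the role is allowed for this purpose (minimal access); deny otherwise."""
    allowed = fields_for(role, purpose)
    if not allowed:
        raise PermissionError(f"role {role} has no purpose '{purpose}' granting access")
    return {k: v for k, v in record.items() if k in allowed}


def anonymise_for_reporting(record):
    """Drop direct identifiers; keep a keyed pseudonym so report rows can still be linked per subject."""
    out = {k: v for k, v in record.items() if k not in PII_FIELDS}
    if "mobileNumber" in record:
        digest = hmac.new(PSEUDONYM_KEY, record["mobileNumber"].encode(), hashlib.sha256)
        out["subjectId"] = digest.hexdigest()[:16]
    return out


def is_pii_free(record):
    """Check a record contains none of the direct identifier fields before it is emitted."""
    return not (PII_FIELDS & set(record))
```

`read_for_purpose` enforces the "purpose first" rule: a role with access to a record for one purpose gets nothing at all when it asks for another.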