--Originally published at Bytes of Mind
This time, we are going to be talking about data confidentiality and how it was handled in my STATS project. To give a little recap, there is more to confidentiality than just making data private,rather, it’s about keeping the needed information private, and letting the user know what it needs to know.
On our project we were handling four different types of users: students, teachers, principal and admin, and each had a different level of access to information. First we have the students, who are able to see their average scores based on they perform on the game Mateoro. Then we have teachers, who can see the average score for each student in their class, an average of the whole group and a comparison between students. After that we have the principal, who can see the same information as a teacher but for every group in the school. And finally we have the admin, who can’t see test results, but is able to add new users (with the exception of a principal) to the or edit some of their information (such as name, date of birth, class, etc.). This is deliberately handled such that students can’t compare their scores through our platform, or that teachers can’t measure the progress of classes not related to them.
This ensures that data is confidential between users, but what about the database? Well, once again, this is where the power of encryption comes in. By running our data through an encryption algorithm we can ensure that data can’t be interpreted even if someone can get their hands on it. Thus, we can ensure that the data can reach their respective users while keeping it safe from people looking from the outside or even from the inside, since the data is basically useless without
Continue reading "Keeping a Secret, that is, Data Confidentiality"