Centralised vs decentralised data – what are the risks to data privacy?
Since lockdown began, there has been an increase in the number of cyber attacks, often leading to private, sensitive data being exposed. Apps that are developed using a certain method can put users at risk of data breaches, and the NHS track and trace app is an example of this. Even before the NHS track and trace app was released, members of the public and cybersecurity professionals had expressed concern over data privacy and security. When submitting information and personal data, some people often don't understand how it will be used and stored, which presents problems because the risks either aren't made clear or are not investigated thoroughly by the public. One example is the difference between centralised and decentralised data. The NHS app uses centralised data, but what does that mean for data privacy?
Centralised vs decentralised data
The main difference between centralised and decentralised data is in the name. Centralised networks are based around a central server that manages the processing, storing, and permission functions available to users. In the case of the track and trace app, data is likely to be stored on a central government server. A decentralised approach uses multiple independent devices that are connected to one another and act as separate nodes within the network. These nodes retain independent control, meaning that each of them can set its own rules regarding data workload availability.
The advantages of centralised data are that it is simpler and quicker to develop, which is why this method was chosen for the NHS track and trace app. It also means that there are fewer device restrictions, and it is essentially a traditional server, just in the cloud. However, there are disadvantages to choosing centralised data, one of these being privacy. As centralised data is less complicated and takes less time to develop, it is also easier for private data to be exposed by a third party. In this instance, data supersets are an issue: while the original data is anonymous, when it is combined with another set of data the anonymity no longer remains.
Decentralised data has the advantage of more transparency in terms of data privacy, and a reduction of processing requirements in big cloud data centres. The result is lower resource consumption in the data centre, which means it is cheaper to run, with storage distributed across the network. There are drawbacks, primarily the slower speed of development: a decentralised approach is more difficult to develop because device capabilities need to be understood.
The track and trace app
The track and trace app has clearly been successful in terms of the speed with which it has been rolled out, which is an advantage of centralised data. In this case, however, the disadvantages of using centralised data outweigh the positives. Using this approach means that while the ID associated with each user's phone will be anonymous, this piece of data could be combined with another set of data to reveal the user's identity. Exposed data is a concern because it could lead to private information, such as a home address, becoming available to the public. Ultimately, the app is unlikely to be secure in the long term.
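The linkage risk described above can be measured before data is stored centrally or released. The following is an added example, not code from the NHS app or from the original article; the records, field names and helper functions are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data; every field name is an assumption, not the app's schema.
# Central store: no names, only a random ID plus coarse attributes.
CENTRAL = [
    {"anon_id": "a91f", "district": "LS6", "birth_year": 1984, "device": "Pixel 4"},
    {"anon_id": "c27b", "district": "LS6", "birth_year": 1984, "device": "iPhone 11"},
    {"anon_id": "e530", "district": "M14", "birth_year": 1990, "device": "iPhone 11"},
    {"anon_id": "f008", "district": "M14", "birth_year": 1990, "device": "iPhone 11"},
]
# A separately available data set that does carry identities (constructed).
AUXILIARY = [
    {"name": "Person A", "district": "LS6", "birth_year": 1984, "device": "Pixel 4"},
    {"name": "Person B", "district": "LS6", "birth_year": 1984, "device": "iPhone 11"},
    {"name": "Person C", "district": "M14", "birth_year": 1990, "device": "iPhone 11"},
    {"name": "Person D", "district": "M14", "birth_year": 1990, "device": "iPhone 11"},
]
QUASI_IDENTIFIERS = ("district", "birth_year", "device")


def key(record, fields):
    """Project a record onto the chosen quasi-identifier fields."""
    return tuple(record[f] for f in fields)


def k_anonymity(records, fields):
    """Size of the smallest group of records sharing the same field values."""
    groups = defaultdict(int)
    for record in records:
        groups[key(record, fields)] += 1
    return min(groups.values())


def linkable_ids(central, auxiliary, fields):
    """Map each anon_id to a name when exactly one identity matches its fields."""
    names = defaultdict(set)
    for person in auxiliary:
        names[key(person, fields)].add(person["name"])
    linked = {}
    for record in central:
        matches = names.get(key(record, fields), set())
        if len(matches) == 1:
            linked[record["anon_id"]] = next(iter(matches))
    return linked


if __name__ == "__main__":
    for fields in (QUASI_IDENTIFIERS, ("district", "birth_year")):
        print(fields, "k =", k_anonymity(CENTRAL, fields),
              "linkable:", linkable_ids(CENTRAL, AUXILIARY, fields))
```

In this constructed data, storing the device field leaves two IDs matching exactly one person each; without it, every record shares its values with at least one other and none can be tied to a single name.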
The app has been designed with good intentions, but the execution could be improved. Many apps take up to a year to develop so it is understandable that an app with a shorter development time will experience some flaws. Data privacy should still remain a priority. As cyber attacks have already increased during lockdown, it is more important than ever for organisations and individuals to be vigilant and not leave private data open to third parties. This is a risk on a centralised database where all data is stored on one central server. Perhaps, with time, a solution will be found where critical sensitive data can be stored and processed at the edge, using cloud computing to do the number crunching. In the meantime, it is important to be educated on all the facts surrounding data privacy to limit the risks.