Client A wants Infosys to perform a feedback survey on their customers based on location and age. But they do not want Infosys to collect the actual age or date of birth of individuals due to privacy concerns. In this case, if Infosys decides to collect age range, then which of the below privacy design strategies would get implemented?
A. Minimize
B. Abstract
C. Separate
D. Both i and ii
E. All of the above
The correct answer and explanation is:
Correct Answer: D. Both i and ii (Minimize and Abstract)
In the scenario described, Infosys is required to perform a customer feedback survey that involves age-related data. However, due to privacy concerns, the client does not want Infosys to collect the actual age or date of birth of the respondents. Instead, they decide to use age ranges such as 18–24, 25–34, etc. This decision directly reflects the implementation of two key privacy design strategies: Minimize and Abstract.
The Minimize strategy focuses on collecting only the data that is strictly necessary for the intended purpose. By choosing to collect age ranges instead of precise age or date of birth, Infosys limits the amount of sensitive personal information gathered. This helps reduce the risk in case of data breach or misuse, and aligns with the principle of data minimization outlined in many privacy regulations such as the GDPR.
The Abstract strategy involves reducing the level of detail in the data to make it less specific and thus less identifiable. By converting exact ages into broader age categories, the level of specificity is lowered. This abstraction protects the identity of individuals and reduces the chances of their being re-identified through the data.
The other two strategies mentioned — Separate and All of the above — are not directly applied in this case. Separate refers to processing data in distributed systems or compartments to reduce linkage, which is not mentioned in the context. Therefore, the most accurate and relevant choice is option D: Both i and ii, representing the implementation of both Minimize and Abstract strategies to protect user privacy while still gathering useful information for the survey.