Abstract

Recent threat reports have warned researchers and security professionals about a shortage of cybersecurity skills to face devastating personal data breaches. As a response, governments have taken on the challenge of proposing specific legislation to protect citizens' privacy while holding information-processing companies accountable for any misuse. However, unauthorized access to such information, or possible negligent destruction of personal records are some issues that cannot be dealt with privacy laws alone. In this research, we introduce the functional requirements to deploy PriVARq, a novel privacy-oriented architecture to proactively manage any consensual submission of personal identifiable information (PII); i.e. during its collection, processing, verification and transference. For defining such requirements, PriVARq is proposed from a privacy-by-design approach that not only considers legislation proposed in Europe and Latin America but also analyzes technical aspects outlined in industry-leading security standards. We aim to provide a proactive approach to reduce the shortage of skills and solutions to tackle privacy leakages in public repositories, and devise future research venues to implement PriVARq in public and private organizations.