(\s™ \ This question paper contains 4 printed pages) Rell No. [fal Tse Tlolst Te] S.No. of Question Paper; 1196 Unique Paper Code 2343010010 Name of the Paper Data Privacy Name of the Course; B.Se, (Hons.) Computer Science Type of the Paper: DSE NEP-UGCF ‘Semester. 2; Duration : 3 Hours Maximum Marks : 90 (Write your Roll No. on the top immediately on receipt of this question paper.) The question paper consists of two sections. Section A is compulsory. Attempt any four questions from Section B. Alll parts of a question must be attempted together. Seetion A 1. @_ What ethical principles should organizations follow when collecting user data? 3 () What is a masquerade attack ? Is it an active or a passive attack ? Justify your answer. 3 (©) Explain the following terms with respect to a hash function : 3 ( Preimage resistant (ii) Pscudorandomness, PTO, ‘ © scanned with OKEN Scanner© @ (O) 0 oO @ () (2) 1196 could be considered personally identifiable information (PI) ? Which of the following 3 Justify your answer () Date of birth (i) Device ID (iii) Publicly available Job Title. explain the concept ofthe ‘Right to be Forgotten’. What ae the cond ‘an individual can request the erasure of their personal data ? tions under which 3 Discuss the following terms with respect to GDPR : 3 () Natural Person (i) Legal Person (ii) Data Subject. Why is it difficult to privacy in anonymization processes ? 3 What is the need of anonymizing data ? 3 achieve a perfect balance between data utility and Can digital signatures be forged ? If not, why ? 3 What is a security service ? Explain any two security services. x Section B Explain the CIA triad with respect to Information Security. Additionally, discuss how 7 accountability complement these objectives. and contrast active 8 the concepts of authenticity and What is the difference between a threat and an attack ? Compare and passive attacks. © scanned with OKEN Scanner= —__—=x&xo (3) 1196 3. @ @ Classify the following attributes into Explicit Identifiers (ED, Quasi-ldentifiers (QN), Sensitive Data (SD), or Non-Sensitive Data (NSD) : 7 + Email 1D + Income Level + Gender + Voter ID (i Discuss why it is crucial to anonymize QI and SD before sharing data publicly. (iii) Provide two methods that could be used to anonymize Quasi-Identifiers in this dataset. (®) Explain cryptographic hash function. Also, discuss the purpose of using a cryptographic hash function in digital signatures and message integrity ? 8 Describe the potential harms caused by loss of privacy. What is the need for separating consumer protection issues from data protection issues ? W (8) A healthcare company developed a machine learning model to predict patient risk factors using data from hospitals. However, the dataset was skewed, with more data from ‘wealthier, majority-group patients, leading to less accurate predictions for minority and low-income groups. 8 (Was the data collection proce’ss ethical ? Why or why not ? (i How can bias in the data lead to discrimination in the model’s predictions ? (iii) What steps can the company take to reduce bias and improve faimess in the model ? PTO. © scanned with OKEN Scanner1196 @ ® @ ® G4) 1196 Elaborate and discuss DPDPA. Define a personal data breach and explain the genera obligations of a Data Fiduciary to prevent and report such breaches. 7 Discuss Model Surveillance System. Explain its five steps with the help of a neat diagram. 8 How is anonymization done in Multidimensional Data ? What are the challenges associated with privacy preservation of multidimensional data ? 7 Define Data Privacy. Also, explain the role of all the stakeholders of data privacy in an organization with the help of an example. 8 © scanned with OKEN Scanner