Data Protection Skill

Purpose

This skill provides comprehensive data protection guidance for the CIA platform, covering data classification, GDPR privacy by design, encryption standards, and data lifecycle management. It ensures political intelligence data is handled according to Hack23 ISMS classification and data protection policies.

When to Use This Skill

Apply this skill when:

✅ Handling personal data of politicians or citizens
✅ Designing database schemas with sensitive fields
✅ Implementing data import/export functionality
✅ Configuring data retention or deletion policies
✅ Integrating external data sources (Riksdagen, World Bank)
✅ Processing election or voting records
✅ Implementing caching strategies for sensitive data

Do NOT use for:

❌ Public open data with no personal information
❌ Static UI component changes
❌ Build system or CI/CD pipeline changes

Data Classification Framework

CIA Platform Data Categories

Classification Levels (Hack23 ISMS)
│
├─ PUBLIC
│  ├─ Parliamentary voting records
│  ├─ Published committee documents
│  ├─ Official election results
│  └─ World Bank economic indicators
│
├─ INTERNAL
│  ├─ Aggregated analysis results
│  ├─ Risk scoring algorithms
│  ├─ Platform usage analytics
│  └─ System configuration data
│
├─ CONFIDENTIAL
│  ├─ User account credentials
│  ├─ Session tokens and API keys
│  ├─ Audit logs with user actions
│  └─ Internal security assessments
│
└─ RESTRICTED
   ├─ Database credentials
   ├─ Encryption keys (KMS)
   ├─ AWS access credentials
   └─ Security incident data

Classification Decision Tree

Data Classification Decision
│
├─→ Is it publicly available from official sources?
│   ├─ YES → PUBLIC
│   └─ NO ↓
│
├─→ Does it contain personal identifiers?
│   ├─ YES → CONFIDENTIAL (minimum)
│   └─ NO ↓
│
├─→ Is it a credential, key, or secret?
│   ├─ YES → RESTRICTED
│   └─ NO ↓
│
└─→ Is it internal analysis or configuration?
    ├─ YES → INTERNAL
    └─ NO → Assess case-by-case

GDPR Privacy by Design

Seven Principles Applied to CIA Platform

Proactive, not reactive — Embed privacy into political data imports
Privacy as default — Minimize personal data collection
Privacy embedded in design — Use pseudonymization where possible
Full functionality — Privacy without sacrificing analysis quality
End-to-end security — Encrypt data at rest and in transit
Visibility and transparency — Document all data processing activities
Respect for user privacy — Provide data access and deletion mechanisms

Data Processing Patterns

// ✅ SECURE: Minimize personal data in analysis
@Service
public class PoliticianAnalysisService {

    public PoliticianSummary analyzePolitician(String personId) {
        // Only retrieve fields needed for analysis
        PoliticianData data = repository.findPublicDataById(personId);

        // Never include unnecessary personal details
        return PoliticianSummary.builder()
            .personId(personId)
            .votingRecord(data.getVotingRecord())
            .committeeAssignments(data.getCommittees())
            .partyAffiliation(data.getParty())
            .build();
        // Excluded: personal address, phone, private email
    }
}

// ❌ INSECURE: Over-collection of personal data
public PoliticianData getAllPersonalData(String personId) {
    return repository.findById(personId); // Returns ALL fields
}

Data Subject Rights Implementation

GDPR Right	CIA Platform Implementation
Right to access (Art. 15)	User data export endpoint
Right to rectification (Art. 16)	Profile update mechanism
Right to erasure (Art. 17)	Account deletion with cascade
Right to restrict (Art. 18)	Account deactivation option
Right to portability (Art. 20)	JSON/CSV data export
Right to object (Art. 21)	Opt-out of analytics processing

Encryption Standards

Data at Rest

Encryption Requirements by Classification
│
├─ PUBLIC → No encryption required
├─ INTERNAL → AES-256 recommended
├─ CONFIDENTIAL → AES-256 required (AWS KMS)
└─ RESTRICTED → AES-256 + envelope encryption (KMS CMK)

Data in Transit

TLS 1.2+ for all HTTP connections
Certificate pinning for external API calls
mTLS for internal service communication
HSTS headers enforced

Database Encryption

// Column-level encryption for sensitive fields
@Entity
@Table(name = "application_user")
public class ApplicationUser {

    @Column(name = "username")
    private String username; // PUBLIC - no encryption

    @Column(name = "email")
    @Convert(converter = EncryptedStringConverter.class)
    private String email; // CONFIDENTIAL - encrypted

    @Column(name = "password_hash")
    private String passwordHash; // Already hashed (bcrypt)
}

Data Lifecycle Management

Retention Policies

Data Type	Retention Period	Action at Expiry
Voting records	Indefinite	Archive (public record)
User sessions	30 days	Automatic deletion
Audit logs	2 years	Archive to cold storage
User accounts	Until deletion request	Anonymize + delete
API cache	24 hours	Automatic expiry
Analytics data	1 year	Aggregate + anonymize

Secure Deletion

// Implement secure deletion for user data
@Service
public class DataDeletionService {

    @Transactional
    public void deleteUserAccount(Long userId) {
        // 1. Remove personal data
        userRepository.anonymizeUser(userId);

        // 2. Delete session data
        sessionRepository.deleteByUserId(userId);

        // 3. Audit the deletion (GDPR compliance)
        auditService.logDeletion(userId, "GDPR erasure request");

        // 4. Remove from caches
        cacheManager.evict("user:" + userId);
    }
}

ISMS Alignment

Control	Requirement	Implementation
ISO 27001 A.5.12	Classification of information	Data classification labels
ISO 27001 A.5.33	Protection of records	Retention policy enforcement
ISO 27001 A.8.10	Information deletion	Secure deletion procedures
ISO 27001 A.8.24	Use of cryptography	AES-256, TLS 1.2+
NIST CSF PR.DS	Data security	Encryption at rest/transit
GDPR Art. 25	Data protection by design	Privacy impact assessments

data-protection