It is essential that sensitive information, including personal and commercially-sensitive data, are protected at all stages of the data pipeline.

First, all sensitive data must be stored securely. This means that the data should be stored behind a firewall. Best practice would also include minimising the number of locations where this data is being held. For example, if the data is being obtained from a mobile network operator (MNO) then the anonymisation of the data should occur on servers within the premises and behind the firewall of the MNO. Similarly, if the data is being obtained from a regulatory body, the anonymisation should take place behind their firewall. This reduces the potential risk of the data being successfully accessed by an unauthorised party.

Aggregated and anonymised data derived from CDR data should also be stored securely by users. Aggregates and indicators should be stored on an encrypted hard drive and only encrypted data should be transferred between users. The GNU Privacy Guard (gpg) is a free software that facilitates the encryption and decryption of data for sharing between users.

Secondly, access to aggregated and anonymised data derived from CDRs must be securely managed. Granular access management schemes, where users are granted access to only certain data or data products based on their needs, and two-factor authentication are both recommended to control access and reduce the risk of unauthorised access or abuse of the data.

We would also recommend that when accessing CDR aggregates or indicators, whether through an API or another user interface, a virtual private network (VPN) is used. VPNs encrypt your data traffic, preventing unauthorised external access. A broad range of VPNs, including free VPNs, are available.