[Feat]: 6.2 Privacy-Preserving Analytics #74
Description
-
The project aims to use "Predictive Analytics" to forecast case flows. However, this must be
balanced against the requirements of the DPDP Act, 2023. Nyay-Setu must implement
privacy-preserving techniques such as Anonymization and Pseudonymization. Before any
data enters the analytics pipeline, Personally Identifiable Information (PII) like names,
addresses, and Aadhaar numbers must be masked or hashed. -
Additionally, the Role-Based Access Control (RBAC) system must be granular. The backend
currently uses Spring Security 9
, which is capable of this. The policies should be defined such
that a "Clerk" can see case metadata but cannot access the "Victim's Statement" in sensitive
cases (e.g., under the POCSO Act). This "Least Privilege" access model is essential for
maintaining the confidentiality and dignity of litigants.