# City of Cape Town - Encryption of Personally Identifiable Information

## Introduction

As part of the City of Cape Town's [PoPIA](https://www.gov.za/sites/default/files/gcis_document/201409/3706726-11act4of2013protectionofpersonalinforcorrect.pdf) compliance, any information shared with outside parties that can identify a person will be encrypted, with the intention of anonymising that information, and so prevent that person from being identified.

This notebook details the encryption scheme used to anonymise personally identifiable information. Other than enabling transparency about how the City is protecting the privacy of its residents, it should provide practical guidance for a 3rd party in performing a similar encryption. The intention of sharing this practical guidance is to assist trusted third parties (sub-operators in terms of PoPIA) in encrypting other data sets in a similar fashion, and so allow for comparisons across multiple datasets.

We strongly encourage that all potentially personally identifiable data is encrypted both at rest and in transit, so as to avoid breaches of PoPIA.

**NB** Such comparisons across datasets should be compatible with the intended use for which this data was collected, and with the explicit consent of the data subjects.

## Encryption Scheme

At the City, we use a [SHA-2 cryptographic function](https://en.wikipedia.org/wiki/SHA-2), with a `256` bit digest. In the future we reserve the right to move to stronger hashing functions, based upon the best practice of the time.

The hashing function is applied to each record that is considered personally identifiable information, together with a secret *salt* that will either be prefixed or suffixed onto the record.

The sharing of either the *salt* or examples of the source record and its resulting encrypted output constitutes disclosing the encryption scheme.

Pseudo-code example:
```
record = "12345"
salt = "my secret salt"
salted_record = salt + record


encrypted_record = hex(
  sha256(salted_record)
) # "ce6b30422b07a06f194657fddc1348e06c75cae43c4b714b6a3759a50bc2d50e"
```

## Python example

The example below uses the standard Python [`hashlib` library](https://docs.python.org/3/library/hashlib.html) to implement the above example.

```
!python3 --version
```

```
Python 3.8.9
```

```
import hashlib

record = "12345"
salt = "my secret salt"
salted_record = f"{salt}{record}".encode() # Needs to be a byte string

encrypted_record = hashlib.sha256(salted_record).hexdigest()
print(encrypted_record)
```

```
c26c7b35ab41b043b8558e94ae6d4b7205ba6e77270197e3cd4f14bcb7728491
```
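The following is an added example, not the City's own code. It applies the scheme above to one field of two constructed datasets and shows that records only line up across datasets when both parties use the same salt in the same position (prefix or suffix). The function names, field names and sample rows are assumptions made for illustration.

```python
import hashlib


def pseudonymise(record: str, salt: str, salt_position: str = "prefix") -> str:
    """Hex SHA-256 digest of the salted record, following the scheme above."""
    if salt_position == "prefix":
        salted = salt + record
    elif salt_position == "suffix":
        salted = record + salt
    else:
        raise ValueError("salt_position must be 'prefix' or 'suffix'")
    return hashlib.sha256(salted.encode("utf-8")).hexdigest()


def pseudonymise_rows(rows, id_field, salt, salt_position="prefix"):
    """Return copies of the rows with the identifying field replaced by its digest."""
    return [
        {**row, id_field: pseudonymise(row[id_field], salt, salt_position)}
        for row in rows
    ]


def linked_ids(rows_a, rows_b, id_field):
    """Digests present in both datasets, i.e. the records that can be compared."""
    return {r[id_field] for r in rows_a} & {r[id_field] for r in rows_b}


# Constructed sample data: the two datasets share the identifiers 12345 and 24680.
SALT = "my secret salt"  # placeholder value; the real salt is kept secret
DATASET_A = [{"id": "12345", "ward": "57"}, {"id": "67890", "ward": "12"},
             {"id": "24680", "ward": "3"}]
DATASET_B = [{"id": "12345", "visits": 4}, {"id": "24680", "visits": 1},
             {"id": "11111", "visits": 9}]


def demo():
    """Count linkable records with matching and with mismatched salt position."""
    a = pseudonymise_rows(DATASET_A, "id", SALT, "prefix")
    b_same = pseudonymise_rows(DATASET_B, "id", SALT, "prefix")
    b_suffix = pseudonymise_rows(DATASET_B, "id", SALT, "suffix")
    return len(linked_ids(a, b_same, "id")), len(linked_ids(a, b_suffix, "id"))


if __name__ == "__main__":
    print(demo())
```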
