Developing a Structured Metric to Measure Privacy Risk in Privacy Impact Assessments

Abstract: Today’s IT applications involving the processing of personal data of customers are becoming increasingly complex. This complexity drives the probability of privacy breaches. Considerable damage to a company’s reputation and financial standing may ensue. Privacy Impact Assessments (PIAs) aim to systematically approach and reduce privacy risks caused by IT applications. Data protection authorities and the European Commission promote using PIAs in application design to help attain ‘privacy by design’ right from the inception of a new IT application. To help companies developing IT applications conduct PIAs, many open-source tools are available online (GS1 tool, iPIA tool, SPIA tool, etc.). Although these tools are modular and well structured, they fail to provide a metric for comparing progress in the implementation of privacy controls. In general, most of the tools use qualitative scoring for privacy risk, which makes the measurement of progress difficult. To address these shortcomings of existing tools, this paper presents a structured scoring methodology for privacy risk. A three-step semi-quantitative approach is used to calculate a relative score, which enables the comparison of privacy risks between incremental versions of an IT application. This comparison enables the monitoring of progress and thus makes PIAs more relevant for companies.
Document type:
Book chapter
David Aspinall; Jan Camenisch; Marit Hansen; Simone Fischer-Hübner; Charles Raab. Privacy and Identity Management. Time for a Revolution? : 10th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School, Edinburgh, UK, August 16-21, 2015, Revised Selected Papers, AICT-476, Springer International Publishing, pp.141-155, 2016, IFIP Advances in Information and Communication Technology, 978-3-319-41762-2. 〈10.1007/978-3-319-41763-9_10〉

Cited literature [22 references]

https://hal.inria.fr/hal-01619743
Contributor: Hal Ifip
Submitted on: Thursday, 19 October 2017 - 16:09:04
Last modified on: Thursday, 19 October 2017 - 16:25:39
Document(s) archived on: Saturday, 20 January 2018 - 14:15:22

File

Restricted access
File visible on: 2019-01-01


License

Distributed under a Creative Commons Attribution 4.0 International License


Citation

Sushant Agarwal. Developing a Structured Metric to Measure Privacy Risk in Privacy Impact Assessments. David Aspinall; Jan Camenisch; Marit Hansen; Simone Fischer-Hübner; Charles Raab. Privacy and Identity Management. Time for a Revolution? : 10th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School, Edinburgh, UK, August 16-21, 2015, Revised Selected Papers, AICT-476, Springer International Publishing, pp.141-155, 2016, IFIP Advances in Information and Communication Technology, 978-3-319-41762-2. 〈10.1007/978-3-319-41763-9_10〉. 〈hal-01619743〉


Metrics

Record views

42