Skip to Main content Skip to Navigation
Book sections

Developing a Structured Metric to Measure Privacy Risk in Privacy Impact Assessments

Abstract : Today’s IT applications involving the processing of personal data of customers are becoming increasingly complex. This complexity drives the probability of privacy breaches. Considerable damage to a company’s reputation and financial standing may ensue. Privacy Impact Assessments (PIAs) aim to systematically approach and reduce privacy risks caused by IT applications. Data protection authorities and the European Commission promote using PIAs in application design to help attaining ‘privacy by design’ right from the inception of a new IT application. To help companies developing IT applications with conducting PIAs, many open-source tools are available online (GS1 tool, iPIA tool, SPIA tool etc.). Although these tools are modular and well structured, they fail to provide a metric to comparing progress in the implementation of privacy controls. In general, most of the tools use qualitative scoring for privacy risk, through which the measurement of progress is difficult. To address these shortcomings of existing tools, this paper presents a structured scoring methodology for privacy risk. A three-step semi-quantitative approach is used to calculate a relative score, which enables the comparison of privacy risks between incremental versions of an IT application. This comparison enables the monitoring of progress and thus, makes PIAs more relevant for the companies.
Document type :
Book sections
Complete list of metadata

Cited literature [14 references]  Display  Hide  Download
Contributor : Hal Ifip <>
Submitted on : Thursday, October 19, 2017 - 4:09:04 PM
Last modification on : Thursday, October 19, 2017 - 4:25:39 PM
Long-term archiving on: : Saturday, January 20, 2018 - 2:15:22 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Sushant Agarwal. Developing a Structured Metric to Measure Privacy Risk in Privacy Impact Assessments. David Aspinall; Jan Camenisch; Marit Hansen; Simone Fischer-Hübner; Charles Raab. Privacy and Identity Management. Time for a Revolution? : 10th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School, Edinburgh, UK, August 16-21, 2015, Revised Selected Papers, AICT-476, Springer International Publishing, pp.141-155, 2016, IFIP Advances in Information and Communication Technology, 978-3-319-41762-2. ⟨10.1007/978-3-319-41763-9_10⟩. ⟨hal-01619743⟩



Record views


Files downloads