Developing a Structured Metric to Measure Privacy Risk in Privacy Impact Assessments - Archive ouverte HAL Access content directly
Book Sections Year : 2016

Developing a Structured Metric to Measure Privacy Risk in Privacy Impact Assessments

(1)
1
Sushant Agarwal
  • Function : Author
  • PersonId : 1021226

Abstract

Today’s IT applications involving the processing of personal data of customers are becoming increasingly complex. This complexity drives the probability of privacy breaches. Considerable damage to a company’s reputation and financial standing may ensue. Privacy Impact Assessments (PIAs) aim to systematically approach and reduce privacy risks caused by IT applications. Data protection authorities and the European Commission promote using PIAs in application design to help attaining ‘privacy by design’ right from the inception of a new IT application. To help companies developing IT applications with conducting PIAs, many open-source tools are available online (GS1 tool, iPIA tool, SPIA tool etc.). Although these tools are modular and well structured, they fail to provide a metric to comparing progress in the implementation of privacy controls. In general, most of the tools use qualitative scoring for privacy risk, through which the measurement of progress is difficult. To address these shortcomings of existing tools, this paper presents a structured scoring methodology for privacy risk. A three-step semi-quantitative approach is used to calculate a relative score, which enables the comparison of privacy risks between incremental versions of an IT application. This comparison enables the monitoring of progress and thus, makes PIAs more relevant for the companies.
Fichier principal
Vignette du fichier
428330_1_En_10_Chapter.pdf (492.37 Ko) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-01619743 , version 1 (19-10-2017)

Licence

Attribution - CC BY 4.0

Identifiers

Cite

Sushant Agarwal. Developing a Structured Metric to Measure Privacy Risk in Privacy Impact Assessments. David Aspinall; Jan Camenisch; Marit Hansen; Simone Fischer-Hübner; Charles Raab. Privacy and Identity Management. Time for a Revolution? : 10th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School, Edinburgh, UK, August 16-21, 2015, Revised Selected Papers, AICT-476, Springer International Publishing, pp.141-155, 2016, IFIP Advances in Information and Communication Technology, 978-3-319-41762-2. ⟨10.1007/978-3-319-41763-9_10⟩. ⟨hal-01619743⟩
133 View
536 Download

Altmetric

Share

Gmail Facebook Twitter LinkedIn More