Towards an effective PIA-based Risk Analysis: An Approach for Analysing Potential Privacy Risks
نویسندگان
چکیده
The use of Privacy Impact Assessments (PIAs) has become common practice in a variety of jurisdictions since the mid 1990s. They play a crucial role in achieving privacy protection for data subjects and in supporting risk management for organisations. Many guidance documents have been published to help support organisations in performing PIAs and in achieving their intended benefits. However, these documents vary noticeably in their comprehensiveness and quality. From an engineering perspective, the core of a PIA is a risk assessment, which typically follows a step-by-step process of risk identification and risk mitigation. In order for a PIA to be holistic and effective, it needs to be complemented by an appropriate privacy risk model that considers legal, organisational, social and technical aspects. We propose a methodical approach for identifying and analysing potential privacy risks. It is built upon a conceptual model that represents the main factors that have impacts on privacy risks along with their meanings, properties and relationships. Then, we illustrate its use in the analysis of eToll pricing systems. We argue that this contribution lays the foundation for developing systematic and rigorous PIA methodologies.
منابع مشابه
A dynamic risk analysis on new product development process
Abstract In the dynamic and competitive market, managers seek to find effective strategies for new products development. Since There has not been a thorough research in this field, this study is based on a review on the risks exist in the NPD process and an analysis of risks through FMEA approach to prioritize the existent risks and a modeling behavior of the NPD process and main risks using s...
متن کاملProcess of Risk Analysis for Iranian Insurance Companies
The main challenge for any insurer/reinsurer has proved to be underwriting major refinery/Petrochemical risk. Insurers have already considered process risk management measures while accepting and evaluating the risks all over the world. Erstwhile petrochemical tariff was adopting experiencing methodology as basis for premium calculation in Iran. In the present de-tariff scenario decisions will ...
متن کاملA Multi-Criteria Decision-Making Approach with Interval Numbers for Evaluating Project Risk Responses
The risk response development is one of the main phases in the project risk management that has major impacts on a large-scale project’s success. Since projects are unique, and risks are dynamic through the life of the projects, it is necessary to formulate responses of the important risks. Conventional approaches tend to be less effective in dealing with the imprecise of the risk response deve...
متن کاملRisk determinants of small and medium-sized manufacturing enterprises (SMEs) - an exploratory study in New Zealand
The smooth running of small and medium-sized manufacturing enterprises (SMEs) presents a significant challenge irrespective of the technological and human resources they may have at their disposal. SMEs continuously encounter daily internal and external undesirable events and unwanted setbacks to their operations that detract from their business performance. These are referred to as ‘disturbanc...
متن کاملTowards Designing E-Services that Protect Privacy
The growth of electronic services (e-services) has resulted in large amounts of personal information in the hands of service organizations like banks, insurance companies, and online retailers. This has led to the realization that such information must be protected, not only to comply with privacy regulations but also and more importantly, to attract clients. One important dimension of this goa...
متن کامل