Supporting Privacy Impact Assessments using Problem-based Privacy Analysis (Technical Report)
نویسندگان
چکیده
Several countries prescribe or advise government departments and organizations to perform a privacy impact assessment (PIA) if these prepare new projects or change existing ones that involve personal information. A PIA shall summarize what personal information is collected, processed, stored, and distributed in the context of the project. But there is only little support for undertaking a PIA and to create a PIA report, most countries only provide vague guidelines and simple templates. We present in this paper an extension of the problem-based privacy analysis (ProPAn) method that provides assistance to software developers for some steps of a PIA. We provide a formally specified method with welldefined steps and tool support to reduce the effort to be spent for conducting a PIA and to produce a more complete, coherent, and adequate PIA report.
منابع مشابه
Supporting Privacy Impact Assessments Using Problem-Based Privacy Analysis
Privacy-aware software development is gaining more and more importance for nearly all information systems that are developed nowadays. As a tool to force organizations and companies to consider privacy properly during the planning and the execution of their projects, some governments advise to perform privacy impact assessments (PIAs). During a PIA, a report has to be created that summarizes th...
متن کاملA systematic methodology for privacy impact assessments: a design science approach
For companies that develop and operate IT applications that process the personal data of customers and employees, a major problem is protecting this data and preventing privacy breaches. Failure to adequately address this problem can result in considerable damage to the company’s reputation and finances, as well as negative effects for customers or employees (data subjects). To address this pro...
متن کاملTowards an effective PIA-based Risk Analysis: An Approach for Analysing Potential Privacy Risks
The use of Privacy Impact Assessments (PIAs) has become common practice in a variety of jurisdictions since the mid 1990s. They play a crucial role in achieving privacy protection for data subjects and in supporting risk management for organisations. Many guidance documents have been published to help support organisations in performing PIAs and in achieving their intended benefits. However, th...
متن کاملTowards an Integrated Approach to the Management, Specification and Enforcement of Privacy Policies
ABSTRACT We make the case for an integrated approach to privacy management within organisations. Current approaches to privacy management are either too high-level, enforcing privacy of personal data using legal compliance, risk and impact assessments, or too low-level, focusing only on the technical implementation of access controls to personal data held by an enterprise. High-level approaches...
متن کاملEnCoRe: Towards A Conceptual Model For Privacy Policies
This paper proposes a conceptual model for privacy policies that takes into account privacy requirements arising from different stakeholders, with legal, business and technical backgrounds. Current approaches to privacy management are either high-level, enforcing privacy of personal data using legal compliance, risk and impact assessments, or low-level, focusing on the technical implementation ...
متن کامل