Applying Risk Management Strategies to Information Privacy Protection: A Conceptual Approach
نویسندگان
چکیده
REQUIRED) This paper examines the application of risk management strategies to the protection of customer information privacy at the corporate level of analysis. The emerging discipline of privacy risk management is virtually non-existent in academic discourse despite an expressed and growing interest by regulators and practitioners. We show how the concept and practices of operational risk management can be adapted to managing privacy risk using Generally Accepted Privacy Principles (GAPP) as an example. As well, we show how the risk response strategies, specifically avoidance, mitigation and transfer, are likewise useful. We conclude that there is congruence between risk management principles and privacy obligations and offer a series of questions for further research.
منابع مشابه
Privacy Risk Perceptions and Privacy Protection Strategies
Several opinion polls have reported that many people claim to be concerned about their privacy, yet that most people in fact do very little to protect their privacy. Are privacy concerns indeed insufficient motivators to adopt privacy protection strategies? What then characterizes the users of these strategies? On the basis of a large scale survey amongst Dutch students, this paper explores the...
متن کاملAnalyzing Tools and Algorithms for Privacy Protection and Data Security in Social Networks
The purpose of this research, is to study factors influencing privacy concerns about data security and protection on social network sites and its’ influence on self-disclosure. 100 articles about privacy protection, data security, information disclosure and Information leakage on social networks were studied. Models and algorithms types and their repetition in articles have been distinguished a...
متن کاملCost-effective Firm Investments in Customer Information Privacy
Extensive personal information is gathered explicitly or implicitly when a customer interacts with a firm. Significant risks are associated with handling such personal information. Providing protection may reduce risk of misuse or loss of private information, but it imposes some costs on the firm and its customers. Risk is associated with improper handling of sensitive customer information. Pro...
متن کاملUsing Object-oriented Concepts to Develop a Conceptual Model for the Management of Information Privacy Risk in Large Organisations
In this paper we present a conceptual model for the management of information privacy risk in large organisations. The model is based on the similarities between the concepts of departments in large organisations and the object-oriented computer programming paradigm. It is a high-level model that takes a holistic view of information privacy risk management, and, as such, identifies risk in both...
متن کاملTowards an effective PIA-based Risk Analysis: An Approach for Analysing Potential Privacy Risks
The use of Privacy Impact Assessments (PIAs) has become common practice in a variety of jurisdictions since the mid 1990s. They play a crucial role in achieving privacy protection for data subjects and in supporting risk management for organisations. Many guidance documents have been published to help support organisations in performing PIAs and in achieving their intended benefits. However, th...
متن کامل