PRIAM: A Privacy Risk Analysis Methodology

被引：29

作者：

De, Sourya Joyee ^{[1
]}

Le Metayer, Daniel ^{[1
]}

机构：

[1] Univ Lyon, INRIA, Lyon, France

来源：

DATA PRIVACY MANAGEMENT AND SECURITY ASSURANCE | 2016年 / 9963卷

关键词：

Privacy; Personal data; Privacy Impact Assessment; PIA; Privacy Risk Analysis; PRA; Risk; Harm; IMPACT ASSESSMENT;

D O I：

10.1007/978-3-319-47072-6_15

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Privacy Impact Assessments (PIA) are recognized as a key step to enhance privacy protection in new information systems and services. They will be required in Europe when the new General Data Protection Regulation becomes effective. From a technical perspective, the core of a PIA is a Privacy Risk Analysis (PRA), which has received relatively less attention than organizational and legal aspects of PIAs. In this work, we propose a rigorous and systematic PRA methodology. We illustrate it with a quantified self use-case in the extended paper [9].

引用

页码：221 / 229

页数：9

共 20 条

[1] [Anonymous], 2015, PRIVACY RISK MANAGEM
[2] Trust Driven Strategies for Privacy by Design
Antignac, Thibaud
Le Metayer, Daniel
[J]. TRUST MANAGEMENT IX, 2015, 454 : 60 - 75
[3] Baringer F., 2011, NEW ELECT METERS STI
[4] Calo MR, 2011, INDIANA LAW J, V86, P1131
[5] CNIL, 2015, PRIV IMP ASS PIA TOO
[6] CNIL, 2015, Privacy impact assessment (PIA) methodology (how to carry out a PIA)
[7] De S. J., 2016, RR8876 INRIA
[8] De S. J., 2016, INT WORKSH PRIV ENG
[9] A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements
Deng, Mina
Wuyts, Kim
Scandariato, Riccardo
Preneel, Bart
Joosen, Wouter
[J]. REQUIREMENTS ENGINEERING, 2011, 16 (01) : 3 - 32
[10] Towards a Privacy Risk Assessment Methodology for Location-Based Systems
Friginal, Jesus
Guiochet, Jeremie
Killijian, Marc-Olivier
[J]. MOBILE AND UBIQUITOUS SYSTEMS: COMPUTING, NETWORKING, AND SERVICES, 2014, 131 : 748 - 753

← 1 2 →