Towards a Privacy Scorecard - Initial Design Exemplified on an Intelligent Transport Systems Service

被引:0
作者
Omerovic, Aida [1 ]
Natvig, Marit Kjosnes [1 ]
Tardy, Isabelle C. R. [1 ]
机构
[1] SINTEF, Trondheim, Norway
来源
ICISSP: PROCEEDINGS OF THE 3RD INTERNATIONAL CONFERENCE ON INFORMATION SYSTEMS SECURITY AND PRIVACY | 2017年
关键词
Privacy Compliance; Privacy Scorecard; Intelligent Transport Systems;
D O I
10.5220/0006284405850593
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Increasingly many services depend on access to data that are traceable to individuals, the so-called "personally identifiable information" (PII). The ecosystem of PII-dependent services is growing, becoming highly complex and dynamic. As a result, a wide variety of PII is constantly collected, stored, exchanged, and applied by all kinds of services. Practice of PII handling among service providers varies, as does the insight and influence of the end-users on how their own PII is treated. For a user, privacy represents a condition for his/her trust and service adoption. It is moreover essential for a service provider to be able to claim privacy awareness over time. This is particularly important as the new EU privacy regulation is about to become operative, thus enforcing strict privacy requirements on the service providers and giving new rights to the users. In order to preserve user trust and manage the technical and legal privacy requirements, a practically usable support to continuously and transparently plan and follow-up privacy compliance, is needed. To this end, we propose an initial version of a so-called "Privacy Scorecard", that is, a decision support for a service provider aimed to facilitate identification, specification, measurement and follow-up of fulfilment of privacy goals in a relatively transparent and comprehensible manner. In this position paper, we present initial design and intended usage of the Privacy Scorecard. We also exemplify how it can be applied to a concrete service. The initial findings indicate feasibility of the approach and suggest directions for further work, including refinement of the scorecard design and usage guidelines, tool support for visualization, as well as further empirical evaluation.
引用
收藏
页码:585 / 593
页数:9
相关论文
共 15 条
[1]  
[Anonymous], 2013, PRIVACY SECURITY CLO
[2]  
[Anonymous], 1995, PERFORMANCE MEASUREM
[3]  
Erdogan G., 2016, A27830 SINTEF
[4]   Towards a Privacy Risk Assessment Methodology for Location-Based Systems [J].
Friginal, Jesus ;
Guiochet, Jeremie ;
Killijian, Marc-Olivier .
MOBILE AND UBIQUITOUS SYSTEMS: COMPUTING, NETWORKING, AND SERVICES, 2014, 131 :748-753
[5]  
Hietanen S., 2014, EUROTRANSPORT, V12, P2
[6]  
International Standard Organization, 2011, INT STAND ISO IEC IN
[7]  
ISO, 2008, 223072008E ISO
[8]  
Knirsch F, 2015, 2015 INTERNATIONAL CONFERENCE ON INFORMATION SYSTEMS SECURITY AND PRIVACY (ICISSP), P173
[9]   Assessing Privacy Risks in Android: A User-Centric Approach [J].
Mylonas, Alexios ;
Theoharidou, Marianthi ;
Gritzalis, Dimitris .
RISK ASSESSMENT AND RISK-DRIVEN TESTING, RISK 2013, 2014, 8418 :21-37
[10]  
NIST SP, 2012, 80030 NIST SP