Identifying undefined risks: A risk model and a privacy risk identification measure in the privacy impact assessment process

Information Society · 2024
Cited by 1
ABS 3

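Summary

Examines two key elements of the risk identification step in privacy impact assessment: a risk model that can capture multiple privacy risk realization processes, and a risk identification method that combines compliance checking with a list of risk factors.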

Abstract

Privacy impact assessment (PIA) has attracted the attention of privacy watchdogs and researchers for decades. This study focuses on a risk model and risk identification method, which are two crucial elements of the risk identification step in the PIA process. As a preparatory work, this article reviews national and international organizations’ current templates and guidelines and finds that PIA guidance includes multiple domains but rarely provides a risk model or a systematic risk identification method. Based on the analysis, our study offers a risk model that can capture various privacy risk realization processes. It further proposes a combination of risk identification methods that correspond to the main target domains in the PIA and the proposed risk model. This combination consists of privacy principles of a given personal information or privacy rule to check compliance with the rule, and our suggested list of risk factors is useful in inductively finding potential risk scenarios that violate social expectations of privacy.

Keywords: privacy impact assessment; risk model; privacy risk identification; information privacy; data protection