PRIVACY IMPACT ASSESSMENT IN INDUSTRIAL ECOSYSTEMS
Marina Rukavitsyna – 06.09.2019
AGENDA
What is Privacy Impact Assessment (slide 3)
Overview of approaches to Privacy Impact Assessment (slide 5)
Goal-oriented PIA methodologies (slide 9)
Risk-based PIA methodologies (slide 14)
A comparative analysis of the PIA methodologies (slide 20)
Conclusion (slide 24)
References (slide 27)
Seminar "Engineering Responsible Information Systems" 2
WHAT IS PRIVACY IMPACT ASSESSMENT
Roger Clarke:
“Privacy Impact Assessment is a systematic process that identifies and evaluates, from the perspectives of all stakeholders, the potential effects on privacy of a project, initiative or proposed system or scheme, and includes a search for ways to avoid or mitigate negative privacy impacts” (Wright and De Hert, 2012, p. 120).
Four types of privacy (Clarke, 1997):
- Privacy of the person.
- Privacy of personal behaviour.
- Privacy of personal communications.
- Privacy of personal data.
GOAL-ORIENTED VS RISK-BASED APPROACHES
Source: (Notario et al., 2015)
KEY STEPS IN THE PIA PROCESS ACCORDING TO DAVID WRIGHT
Source: (Wright et al., 2013)
THE PROCESS FOR CARRYING OUT A PIA ACCORDING TO THE GDPR REQUIREMENTS
Source: (Article 29 Working Party, 2017)
UNITED KINGDOM PIA CODE OF PRACTICE
Source: (ICO, 2014)
THE FRENCH DATA PROTECTION AUTHORITY PIA (CNIL)
Source: (CNIL, 2017)
THE CNIL TOOL
GERMAN FEDERAL OFFICE FOR INFORMATION SECURITY PIA (BSI)
Source: (Oetzel et al., 2011)
MODEL-BASED PIA METHODOLOGY
Source: (Ahmadian, 2018)
MODEL-BASED PIA METHODOLOGY. CARISMA
Source: (Ahmadian, 2017)
LINDDUN METHODOLOGY
Source: (Wuyts and Joosen, 2015)
PRIPARE METHODOLOGY
Source: (Notario et al., 2015)
LEGAL FRAMEWORKS OUTSIDE EUROPE
- Australia
- Canada: PIAs mandatory for government agencies (Wright, 2011)
- New Zealand: PIAs mandatory for the biometrics industry (Wright and De Hert, 2012)
- The USA: a compulsory PIA is published for government agencies (Wright and De Hert, 2012)
PIA GUIDANCE DOCUMENTS
Title | Type | Description
UK PIA Code of Practice | Goal-oriented | A legal framework published by the UK’s Information Commissioner’s Office. It includes lists of privacy risks and questionnaires to guide the analysis.
CNIL PIA | Goal-oriented | A legal framework based on the EBIOS security risk analysis method. It is accompanied by a beta version of a tool to guide the steps of a PIA.
BSI PIA Methodology | Goal-oriented | A legal framework published by the German Federal Office for Information Security.
Model-Based PIA Methodology | Risk-based | Based on the BSI PIA methodology and considers threat modeling with UML.
LINDDUN Methodology | Risk-based | Considers data flow diagrams and provides templates for PIA steps, reports and risk mitigation examples.
PRIPARE Methodology | Risk-based / Goal-oriented | Considers different threat modeling tools and provides templates for PIA steps and risk mitigation examples. An EC-funded project.
GDPR DPIA | Goal-oriented | Sets up criteria to choose an existing PIA methodology but does not provide a PIA methodology itself.
A COMPARATIVE ANALYSIS OF THE PIA METHODOLOGIES
Title / Features | Code of Practice | CNIL | BSI | Model-Based | LINDDUN | PRIPARE
Published in | 2014 | 2018 | 2011 | 2018 | 2015 | 2015
Says PIA is a process | V | V | V | V | V | V
Says a PIA is more than a compliance check | V | X | V | V | V | V
Says PIA should be reviewed, updated, ongoing throughout the project life | V | V | V | V | V | V
Assesses if a PIA is necessary | V | X | V | V | X | V
Addresses all types of privacy | X | X | X | V | V | X
Identifies security risks | X | X | X | V | X | V
Identifies privacy risks | V | V | V | V | V | V
Identifies possible strategies for mitigating those risks | X | V | V | V | V | V
Notations: “V” – yes, “X” – no, “-” – not applicable
A COMPARATIVE ANALYSIS OF THE PIA METHODOLOGIES (continued)
Title / Features | Code of Practice | CNIL | BSI | Model-Based | LINDDUN | PRIPARE
Supports consultation with external stakeholders | V | Validation phase | Optional | V | X | X
Contains a set of questions to uncover privacy risks | V | V | V | - | - | -
Encourages publication of the PIA report | V | X | V | V | X | V
Provides a suggested structure for a PIA report | V | V | V | V | X | V
Provides a tool automating the PIA processes | X | V | X | V | X | X
Identifies who conducts a PIA | DPO / Risk Manager | Project Owner | DPO | Not defined | Software analyst | Different roles in different phases
Requires consultation with privacy commissioner | X | X | X | X | X | X
Notations: “V” – yes, “X” – no, “-” – not applicable
CONCLUSION
- Examined Privacy Impact Assessment (PIA) in general
- Reviewed common privacy principles
- Reviewed some existing PIA guidelines
- Provided a comparative analysis of legal frameworks in use across the EU and existing threat modeling methodologies
CONCLUSION
The findings of this seminar thesis might be used for the following future work:
- Develop criteria to classify PIAs
- Develop a unified structure for a PIA report
- Develop criteria to assess the effectiveness of a PIA report
- Develop a checklist of PIA features based on which a particular company can select a PIA methodology according to its needs
- Define criteria to develop a GDPR-compliant PIA document suitable for small companies and start-ups
REFERENCES
D. Wright and P. De Hert, Privacy Impact Assessment, 1st ed. Springer Netherlands, 2012.
R. Clarke, “Introduction to Dataveillance and Information Privacy, and Definitions of Terms,” Xamax Consultancy Pty Ltd, 1997.
N. Notario et al., “PRIPARE: Integrating Privacy Best Practices into a Privacy Engineering Methodology,” in 2015 IEEE Security and Privacy Workshops, 2015, pp. 151–158.
D. Wright, R. Finn, and R. Rodrigues, “A comparative analysis of privacy impact assessment in six countries,” J. Contemp. Eur. Res., vol. 9, no. 1, pp. 160–180, 2013.
Article 29 Working Party, “Guidelines on Data Protection Impact Assessment,” 2017.
Information Commissioner’s Office (ICO), “Conducting privacy impact assessments code of practice,” 2014.
CNIL, “Guidelines on DPIA | CNIL,” French Data Protection Authority (CNIL), 2017.
M. C. Oetzel et al., “Privacy Impact Assessment Guideline for RFID Applications,” 2011.
A. S. Ahmadian, D. Strüber, V. Riediger, and J. Jürjens, “Supporting Privacy Impact Assessment by Model-Based Privacy Analysis,” 2018.
A. S. Ahmadian, S. Peldszus, Q. Ramadan, and J. Jürjens, “Model-based privacy and security analysis with CARiSMA,” 2017, pp. 989–993.
K. Wuyts and W. Joosen, “LINDDUN privacy threat modeling: a tutorial,” Leuven, Belgium, 2015.
D. Wright, “Should privacy impact assessments be mandatory?,” Commun. ACM, vol. 54, no. 8, p. 121, 2011.
THANK YOU FOR YOUR ATTENTION!
Marina Rukavitsyna