Dear all
My own high level comments:
Key points
·
“The model defines an equation and a series of inputs designed to enable (i) the identification of problems for individuals that can arise from the processing of personal information and (ii) the calculation of how such problems
can be reflected in an organizational risk management approach that allows for prioritization and resource allocation to achieve agency missions while minimizing adverse events for individuals and agencies collectively”. Clearly takes into account risks affecting
data subjects but only reflects them at an organizational level.
·
There is no reference on when to conduct this risk assessment. It seems to “ignore or neglect” privacy by design principles such as taking into account privacy issues from the onset of project and systems.
·
Security risk assessment vs privacy risk assessment: “A privacy risk management framework, therefore, should provide the capability to assess the risk of problems for individuals arising from the operations of the system that
involve the processing of their information. Cybersecurity risk management frameworks, standards, and best practices can be used to address risks to individuals arising from unauthorized access to their information”
·
It explicitly talks about having the “demonstration of specified privacy-preserving functionality” as a business objective. This view will be reflected in the final version of PRIPARE PSbD methodology.
·
The framework is based on three privacy engineering objectives that have been developed for the purpose of facilitating the development and operation of privacy-preserving information systems: predictability, manageability, and
disassociability. These principles can be mapped to PRIPARE’s suggested privacy principles:
|
Predictability
|
Accountability
|
|
Transparency and openness
|
|
Compliance with notification requirements
|
|
Limited conservation and retention
|
|
Manageability
|
Data quality
|
|
Purpose specification and limitation (finality or legitimacy)
|
|
Purpose specification and limitation for sensitive data
|
|
Right of access
|
|
Right to object
|
|
Right to erasure
|
|
Disassociability
|
Confidentiality and security
|
|
Privacy and data protection by default
|
|
Privacy and data protection by design
|
·
Takes into account contextual factors that may modify the impact of a privacy issue.
·
An interesting idea is to always keep the mitigated risks at sight. Completely removing them is a risk itself as it “can create an inaccurate assessment of existing or potential risks, and often created temptation for pilots to
dismiss potential risks’ existence because they were already perceived as resolved”. This view will be reflected in the final version of PRIPARE’s PSbD
·
One of the major concerns from my side is that the proposed model may neglect addressing issues that are very likely and with a high level of impact if they do not have a direct organizational impact. This approach steps away
from user-centric models where data subjects and its information are the asset to protect and completely focuses on protecting the organization. It is no longer protecting data subjects from privacy issues but protecting the organization from its consequences
upon them
·
A second concern is that it does not link to other efforts in terms of privacy protection. E.g. Privacy Impact Assessments largely recognize the need for assessing and managing privacy risks and that there are already PIA frameworks
providing their own risk framework or model (E.g. BSI PIA assessment guideline https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/ElekAusweise/PIA/Privacy_Impact_Assessment_Guideline_Langfassung.pdf?__blob=publicationFile)
Best regards
From: pbd-se@lists.oasis-open.org
[mailto:pbd-se@lists.oasis-open.org] On Behalf Of Antonio kung
Sent: Tuesday, June 16, 2015 3:09 PM
To: pmrm@lists.oasis-open.org; pbd-se@lists.oasis-open.org
Subject: Re: [pbd-se] Privacy Risk Management for Federal Information Systems Observations by Gail Magnuson
Dear all,
Some remarks from me
Antonio Kung
Le 16/06/2015 15:32, Gail Magnuson a écrit :
Greetings,
Attached are my observations and comments.
Best, Gail
Gail Magnuson, LLC
Gail Ann Magnuson
Mobile: 1.704.232.5648
Residence: Ponce Inlet, FL
Mailing Address
4624 Harbour Village Boulevard #4406
Ponce Inlet, FL 32127
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
--
_________________________________________________________________________
TRIALOG
25 rue du general Foy
F-75008 Paris
http://www.trialog.com
Tel : 33 (0) 1 44 70 61 00 Direct : 33 (0) 1 44 70 61 03
Fax : 33 (0) 1 44 70 05 91
mailto:antonio.kung@trialog.com
_________________________________________________________________________
-- Software Engineering Focused on Embedded Systems Technology --
-- Connectivity Solutions for Embedded Systems --
_____________________________________________________________________
The information contained in this transmission, which may be
confidential and proprietary, is only for the intended recipients.
Unauthorized use is strictly prohibited. If you receive this
transmission in error, please notify me immediately by telephone
or electronic mail and confirm that you deleted this transmission
and the reply from your electronic mail system.
_____________________________________________________________________
This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it.