Privacy-By-Design through systematic privacy impact assessment

Sarah Spiekermann-Hoff, Marie Caroline Oetzel

Publikation: Wissenschaftliche FachzeitschriftOriginalbeitrag in FachzeitschriftBegutachtung

264 Downloads (Pure)

Abstract

For companies that develop and operate IT applications that process the personal data of customers and employees, a major problem is protecting these data and preventing privacy breaches. Failure to adequately address this problem can result in considerable damage to the company's reputation and finances, as well as negative effects for customers or employees (data subjects). To address this problem, we propose a methodology that systematically considers privacy issues by using a step-by-step privacy impact assessment (PIA). Existing PIA approaches cannot be applied easily because they are improperly structured or imprecise and lengthy. We argue that companies that employ our PIA can achieve "privacy-by-design", which is widely heralded by data protection authorities. In fact, the German Federal Office for Information Security (BSI) ratified the approach we present in this article for the technical field of RFID and published it as a guideline in November 2011. The contribution of the artefacts we created is twofold: First, we provide a formal problem representation structure for the analysis of privacy requirements. Second, we reduce the complexity of the privacy regulation landscape for practitioners who need to make privacy management decisions for their IT applications.
OriginalspracheEnglisch
Seiten (von - bis)128 - 150
FachzeitschriftEuropean Journal of Information Systems (EJIS)
Jahrgang23
Ausgabenummer2
DOIs
PublikationsstatusVeröffentlicht - 1 Juli 2013

Österreichische Systematik der Wissenschaftszweige (ÖFOS)

  • 508

Zitat