PRIVACY IMPACT ASSESSMENT IN INDUSTRIAL ECOSYSTEMS Marina Rukavitsyna – 06.09.2019


Page 1: PRIVACY IMPACT ASSESSMENT IN INDUSTRIAL ECOSYSTEMS

Marina Rukavitsyna – 06.09.2019

AGENDA

- What is Privacy Impact Assessment (slide 3)
- Overview of approaches to Privacy Impact Assessment (slide 5)
- Goal-oriented PIA methodologies (slide 9)
- Risk-based PIA methodologies (slide 14)
- A comparative analysis of the PIA methodologies (slide 20)
- Conclusion (slide 24)
- References (slide 27)

Seminar "Engineering Responsible Information Systems"


WHAT IS PRIVACY IMPACT ASSESSMENT

Roger Clarke:

“Privacy Impact Assessment is a systematic process that identifies and evaluates, from the perspectives of all stakeholders, the potential effects on privacy of a project, initiative or proposed system or scheme, and includes a search for ways to avoid or mitigate negative privacy impacts” (Wright and De Hert, 2012, p. 120).

Four types of privacy (Clarke, 1997):

- Privacy of the person.
- Privacy of personal behaviour.
- Privacy of personal communications.
- Privacy of personal data.


GOAL-ORIENTED VS RISK-BASED APPROACHES

Source: (Notario et al., 2015)

KEY STEPS IN THE PIA PROCESS ACCORDING TO DAVID WRIGHT

Source: (Wright et al., 2013)

THE PROCESS FOR CARRYING OUT A PIA ACCORDING TO THE GDPR REQUIREMENTS

Source: (Article 29 Working Party, 2017)


UNITED KINGDOM PIA CODE OF PRACTICE

Source: (ICO, 2014)

THE FRENCH DATA PROTECTION AUTHORITY PIA (CNIL)

Source: (CNIL, 2017)

THE CNIL TOOL

GERMAN FEDERAL OFFICE FOR INFORMATION SECURITY PIA (BSI)

Source: (Oetzel et al., 2011)


MODEL-BASED PIA METHODOLOGY

Source: (Ahmadian, 2018)

MODEL-BASED PIA METHODOLOGY. CARISMA

Source: (Ahmadian, 2017)

LINDDUN METHODOLOGY

Source: (Wuyts and Joosen, 2015)

PRIPARE METHODOLOGY

Source: (Notario et al., 2015)

LEGAL FRAMEWORKS OUTSIDE EUROPE

- Australia
- Canada: PIAs mandatory for the government agencies (Wright, 2011)
- New Zealand: PIAs mandatory for biometrics industry (Wright and De Hert, 2012)
- The USA: a compulsory PIA is published for government agencies (Wright and De Hert, 2012)


PIA GUIDANCE DOCUMENTS

| Title | Type | Description |
|---|---|---|
| UK PIA Code of practice | Goal-oriented | A legal framework published by the UK’s Information Commissioner Office. It includes lists of privacy risks and questionnaires to guide the analysis. |
| UK PIA Code of practice | Goal-oriented | A legal framework based on the EBIOS security risk analysis method. It is accompanied by a beta version of a tool to guide the steps of a PIA. |
| BSI PIA Methodology | Goal-oriented | A legal framework published by the German Federal Office for Information Security. |
| Model-Based PIA Methodology | Risk-based | Based on the BSI PIA methodology and considers threat modeling with UML. |
| LINDDUN Methodology | Risk-based | Considers data flow diagrams and provides templates for PIA steps, reports and risk mitigation examples. |
| PRIPARE Methodology | Risk-based, Goal-oriented | Considers different threat modeling tools and provides templates for PIA steps and risk mitigation examples. An EC-funded project. |
| GDPR DPIA | Goal-oriented | Sets up criteria to choose an existing PIA methodology but does not provide a PIA methodology itself. |

A COMPARATIVE ANALYSIS OF THE PIA METHODOLOGIES

| Title / Features | Code of Practice | CNIL | BSI | Model-Based | LINDDUN | PRIPARE |
|---|---|---|---|---|---|---|
| Published in | 2014 | 2018 | 2011 | 2018 | 2015 | 2015 |
| Says PIA is a process | V | V | V | V | V | V |
| Says a PIA is more than a compliance check | V | X | V | V | V | V |
| Says PIA should be reviewed, updated, ongoing throughout the project life | V | V | V | V | V | V |
| Assesses if a PIA is necessary | V | X | V | V | X | V |
| Addresses all types of privacy | X | X | X | V | V | X |
| Identifies security risks | X | X | X | V | X | V |
| Identifies privacy risks | V | V | V | V | V | V |
| Identifies possible strategies for mitigating those risks | X | V | V | V | V | V |

Notation: “V” – yes, “X” – no, “-” – not applicable

A COMPARATIVE ANALYSIS OF THE PIA METHODOLOGIES (CONTINUED)

| Title / Features | Code of Practice | CNIL | BSI | Model-Based | LINDDUN | PRIPARE |
|---|---|---|---|---|---|---|
| Supports consultation with external stakeholders | V | Validation phase | Optional | V | X | X |
| Contains a set of questions to uncover privacy risks | V | V | V | - | - | - |
| Encourages publication of the PIA report | V | X | V | V | X | V |
| Provides a suggested structure for a PIA report | V | V | V | V | X | V |
| Provides a tool automating the PIA processes | X | V | X | V | X | X |
| Identifies who conducts a PIA | DPO / Risk Manager | Project Owner | DPO | Not defined | Software analyst | Different roles on different phases |
| Requires consultation with privacy commissioner | X | X | X | X | X | X |

Notation: “V” – yes, “X” – no, “-” – not applicable


CONCLUSION

- Examined Privacy Impact Assessment (PIA) in general
- Reviewed common privacy principles
- Reviewed some existing PIA guidelines
- Provided a comparative analysis of legal frameworks in use across the EU and existing threat modeling methodologies

CONCLUSION

The findings of this seminar thesis might be used for the following future works:

- Develop criteria to classify PIAs
- Develop a unified structure of a PIA report
- Develop criteria to assess the effectiveness of a PIA report
- Develop a checklist of PIA features based on which a particular company can select a PIA methodology according to its needs
- Define criteria to develop a GDPR-compliant PIA document suitable for small companies and start-ups

REFERENCES

D. Wright and P. De Hert, Privacy Impact Assessment, 1st ed. Springer Netherlands, 2012.

R. Clarke, “Introduction to Dataveillance and Information Privacy, and Definitions of Terms,” Xamax Consultancy Pty Ltd, 1997.

N. Notario et al., “PRIPARE: Integrating Privacy Best Practices into a Privacy Engineering Methodology,” in 2015 IEEE Security and Privacy Workshops, 2015, pp. 151–158.

D. Wright, R. Finn, and R. Rodrigues, “A comparative analysis of privacy impact assessment in six countries,” J. Contemp. Eur. Res., vol. 9, no. 1, pp. 160–180, 2013.

Article 29 Working Party, “Guidelines on Data Protection Impact Assessment,” 2017.

Information Commissioner’s Office (ICO), “Conducting privacy impact assessments code of practice,” 2014.

CNIL, “Guidelines on DPIA,” French Data Protection Authority (CNIL), 2017.

M. C. Oetzel et al., “Privacy Impact Assessment Guideline for RFID Applications,” 2011.

A. S. Ahmadian, D. Strüber, V. Riediger, and J. Jürjens, “Supporting Privacy Impact Assessment by Model-Based Privacy Analysis,” 2018.

A. S. Ahmadian, S. Peldszus, Q. Ramadan, and J. Jürjens, “Model-based privacy and security analysis with CARiSMA,” 2017, pp. 989–993.

K. Wuyts and W. Joosen, “LINDDUN privacy threat modeling: a tutorial,” Leuven, Belgium, 2015.

D. Wright, “Should privacy impact assessments be mandatory?,” Commun. ACM, vol. 54, no. 8, p. 121, 2011.

THANK YOU FOR YOUR ATTENTION!

Marina Rukavitsyna