Challenges in assessing privacy impact: Tales from the front lines

Date

2019-12-13

Advisors

Journal Title

Journal ISSN

ISSN

Volume Title

Publisher

John Wiley & Sons

Type

Article

Peer reviewed

Yes

Abstract

Data protection impact assessments (DPIAs) aim to identify, rank, and mitigate privacy risks. Even though DPIAs are legally mandated in some cases and privacy professionals perform DPIAs on a daily basis, facilitating the systematic measurement of privacy risks is an open problem. Research on privacy risk measurement often does not take into account the practical needs and requirements for DPIAs in real organizations. In this article, we fill this gap by reporting on focus groups we held with a diverse group of privacy professionals. Through thematic analysis, we identify three themes that emerged from the focus groups: (a) how privacy in the contemporary society affects privacy risk assessment; (b) current practices and procedures in privacy risk assessment; and (c) common issues and challenges. Based on these themes, we identify future research directions for privacy risk measurement. Our article can help to ground research on privacy risk measurement in practical challenges faced by privacy professionals.

Description

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.

Keywords

DPIA, focus groups, PIA, privacy harm, privacy impact,, privacy metrics, risk assessment, thematic analysis

Citation

Ferra, F., Wagner, I., Boiten, E., Hadlington, L., Psychoula, I. and Snape, R. (2019) Challenges in assessing privacy impact: Tales from the front lines. Security and Privacy. e101.

Rights

Research Institute