Privacy Risk Assessment: From Art to Science, by Metrics

Date

2018-09-07

Advisors

Journal Title

Journal ISSN

ISSN

Volume Title

Publisher

Springer

Type

Book chapter

Peer reviewed

Yes

Abstract

Privacy risk assessments aim to analyze and quantify the privacy risks associated with new systems. As such, they are critically important in ensuring that adequate privacy protections are built in. However, current methods to quantify privacy risk rely heavily on experienced analysts picking the “correct” risk level on e.g. a five-point scale. In this paper, we argue that a more scientific quantification of privacy risk increases accuracy and reliability and can thus make it easier to build privacy-friendly systems. We discuss how the impact and likelihood of privacy violations can be decomposed and quantified, and stress the importance of meaningful metrics and units of measurement. We suggest a method of quantifying and representing privacy risk that considers a collection of factors as well as a variety of contexts and attacker models. We conclude by identifying some of the major research questions to take this approach further in a variety of application scenarios.

Description

Keywords

Privacy risk metrics, Privacy impact assessment

Citation

Wagner I., Boiten E. (2018) Privacy Risk Assessment: From Art to Science, by Metrics. In: Garcia-Alfaro J., Herrera-Joancomartí J., Livraga G., Rios R. (eds) Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM 2018, CBT 2018. Lecture Notes in Computer Science, vol 11025, Heidelberg:Springer.

Rights

Research Institute