The privacy technologist's role in the context of the organisation + Risk and Privacy Risk Models

Last updated 2:22 PM on 6/23/26

63 Terms

1

What is Risk?

A potential threat or issue, how big of an impact it has and how likely it is to happen.

2

What are the three risk levels?

Low, Medium and High Impact

3

What are four ways to manage a risk?

Mitigating the risk (design or control change)

Accepting the risk

Transferring the risk to another entity

Avoiding the risk (abandoning the whole thing)

4

What is a way of remembering the most important Privacy Risk models?

CaloNissenNiceNistFippFair

5

What is Nissenbaum’s Contextual Integrity risk model? (NISSEN)

Nissenbaum argued that individuals have norms and expectations about how their information is shared in different environments, and they expect information sharing to align with those norms.

6

How does Contextual Integrity work in practice? (NISSEN)

Privacy technologists must work with organizations to identify existing norms and then figure out how a system could act outside of these norms.

7

What are Calo’s harm dimensions? (CALO)

Subjective privacy harms cause discomfort and other negative feelings while objective privacy harms cause actual harmful consequences like loss of consumer trust.

8

What is the NICE framework? (NICE)

The National Initiative for Cybersecurity Education framework is another cybersecurity framework.

9

What is the FAIR risk model? (FAIR)

The Factors Analysis in Information Risk model breaks risks into the frequency of action and magnitude of violations. It asks, how often will a violation occur and over what period of time? And what impact will that violation have?

10

What was the first/oldest framework of privacy principles and standards?

The Fair Information Practice Principles were introduced in 1973.

11

What models do we use to identify Privacy Threats?

We can use the LINDDUN threat model as well as the PANOPTIC threat model.

12

What are objective privacy harms?

This involves the unanticipated use of information about a person against that person to commit a crime like identity theft or to just cause a negative reaction.

13

What are some examples of objective harms?

Examples include the unanticipated sale of a user’s contact information that results in spam, or using their information to access their bank details and cause financial harm.

14

What are subjective harms?

This is the unwanted feeling of being observed. This category describes unwelcome mental states like anxiety, embarrassment and fear caused by the feeling of being watched.

15

What are examples of subjective harms?

Examples include a landlord eavesdropping on his tenants causing anxiety.

16

What are the Fair Information Practice Principles? (FIPP)

Data quality

Accountability

Purpose Specification

Use Limitation

Openness

Collection Limitation

Security Safeguards

Individual Participation

17

What is the Data Quality Principle?

Personal data that is collected should be relevant, accurate and kept up-to-date.

18

What is the Collection Limitation Principle?

There should be limits to the collection of personal data and data should be obtained by lawful and fair means and with the knowledge or consent of the data subject.

19

What is the Purpose Specification Principle?

The purposes for which personal data is collected should be specified at the time of collection, and the data should only be used for those purposes thereafter.

20

What is the Use Limitation Principle?

Personal data should not be used or disclosed for any purpose other than those specified, except with the consent of the data subject or where required by law.

21

What is the Security Safeguards Principle?

Personal data should be protected using security safeguards to avoid data loss or unauthorized access, destruction, use, modification or disclosure of data.

22

What is the Openness Principle?

There should be a general policy of openness about the use of personal data, such as the main purposes of its use and the identity of the data controller.

23

What is the Individual Participation Principle?

Individuals should have the right to access the personal data the controller holds about them, to challenge data relating to them and, if the challenge is successful, to have the data erased, rectified, completed or amended.

24

What is the Accountability Principle?

A data controller should be accountable for complying with rights requests.

25

What is the NIST Privacy Risk Model?

This is a privacy risk model that identifies ‘Vulnerabilities’ as ‘Problematic Data Actions’.

26

What is Appropriation?

A type of problematic data action that happens when personal data is used in ways beyond what is expected or authorized by the individual.

27

What is Distortion?

A type of problematic data action that happens when inaccurate or misleading personal information is used.

28

What is Induced Disclosure?

A type of problematic data action that happens when individuals are pressured to disclose personal information.

29

What is Insecurity?

A type of problematic data action that happens when there are issues with data security.

30

What is Surveillance?

A type of problematic data action that happens when personal information is tracked or monitored in a way that is disproportionate to system objectives.

31

What is Unanticipated Revelation?

A type of problematic data action that occurs when a person’s personal information is unexpectedly exposed due to processing.

32

What is Unwarranted Restriction?

A type of problematic data action that prevents individuals from accessing a system and information that relates to them.

33

Data Protection Officers

Ensure the organization complies with data protection laws, developing privacy policies and serving as the main point of contact for regulatory authorities.

34

Privacy Engineers

Designs and implements privacy-enhancing technologies within technology systems to address risks and ensure compliance with privacy regulations.

35

Privacy Technologist

Advisory role that implements privacy measures within technology systems. Manages access controls.

36

Privacy Analyst

Evaluates privacy risks, monitors compliance with privacy regulations (responding to rights requests), and assists in the development and implementation of privacy policies.

37

Privacy Program Manager or Privacy Manager

Develops and manages aspects of the privacy program, implements processes and automation.

38

What parts of the technology system are privacy technologists in charge of to make sure they are in line with privacy regulations?

Security, Computers, Networks, Applications, Websites, Databases

39

Information Security Manager

Oversees the organization’s information security strategy and manages security teams.

40

Compliance Officer

Ensures the organization adheres to legal and regulatory requirements, conducts compliance audits and develops training programs across the business.

41

Privacy Notice

A statement published by an organization’s privacy/legal team that informs consumers and business partners about the organization’s information privacy practices.

42

When should a privacy notice be deployed?

This changes depending on the legislation so it is for the organization to decide. However, if you are processing data, the notice should be provided before you begin doing so.

43

Most common parts of a privacy notice?

Who are we,

What data are we collecting,

How will the data be used,

Who are we sharing it with?

44

How can we deliver the privacy notice to the user?

Requiring users to check a box agreeing to the notice before entering the site or purchasing a product, or having a link to the privacy notice on the website.

45

Privacy Policy

Internal statements designed to communicate best privacy practices and information-handling guidelines for those within an organization.

46

Who takes responsibility for a project after a privacy technologist gives advice?

Implementation of any advice rests with the Risk (Business) Owner, Project Manager, or the Data Controller. The privacy technologist only advises on risks.

47

Why is it a benefit for the privacy technologist to establish a common language for privacy controls?

This allows businesses, regulators, and consumers to speak the same language when discussing personal data. It's good for consistency, clarity and enhanced trust.

48

How does a privacy technologist evaluate the effectiveness of a privacy policy?

Establish key objectives and internal controls to evaluate the health of the overall program. Internal controls are objectives.

49

What is a Data Steward?

Data governance role for making sure an organization’s data is accurate, accessible, secure and well-documented.

50

What is a Data Custodian?

They are responsible for capturing, storing and disposing of data in line with the data owner's requirements.

51

What is a Data Owner?

This is a senior-level individual or business department who is fully accountable for a specific set of data.

52

Privacy Impact Assessment

Analysis of how personal information is handled throughout the entire data life cycle.

53

What is a Data Protection Impact Assessment?

Legally required assessment to highlight and mitigate potential risks to data subjects from high-risk processing activities.

54

What is LINDDUN?

Privacy threat modeling framework that identifies and mitigates privacy issues during the design phase.

55

What does LINDDUN stand for?

Linkability, Identifiability, Non-Repudiation, Detectability, Disclosure of Information, Unawareness and Non-Compliance

56

How does LINDDUN work?

Apply each LINDDUN threat and evaluate the likelihood of it occurring during every set of the data flow.

57

Linking

Linking data items or user actions together to learn more about an individual

58

Identifying

Learning the identity of an individual through leaks, deduction or inference.

59

Non-Repudiation

Being able to attribute a claim to an individual

60

Detecting

Deducing the involvement of an individual by observing them

61

Data Disclosure

Excessively collecting, storing, processing or sharing personal data

62

Unawareness

Insufficiently informing individuals about the processing of their data

63

Non-compliance

Deviating from security and data management legislation/best practices