Privacy Risk Analysis
Synthesis Lectures on Information Security, Privacy, & Trust
Editors
Elisa Bertino, Purdue University
Ravi Sandhu, University of Texas, San Antonio
The Synthesis Lectures Series on Information Security, Privacy, and Trust publishes 50- to 100-page publications on topics pertaining to all aspects of the theory and practice of Information Security, Privacy, and Trust. The scope largely follows the purview of premier computer security research journals such as ACM Transactions on Information and System Security, IEEE Transactions on Dependable and Secure Computing and Journal of Cryptology, and premier research conferences, such as ACM CCS, ACM SACMAT, ACM AsiaCCS, ACM CODASPY, IEEE Security and Privacy, IEEE Computer Security Foundations, ACSAC, ESORICS, Crypto, EuroCrypt and AsiaCrypt. In addition to the research topics typically covered in such journals and conferences, the series also solicits lectures on legal, policy, social, business, and economic issues addressed to a technical audience of scientists and engineers. Lectures on significant industry developments by leading practitioners are also solicited.
Privacy Risk Analysis
Sourya Joyee De and Daniel Le Métayer
2016
Introduction to Secure Outsourcing Computation
Xiaofeng Chen
2016
Database Anonymization: Privacy Models, Data Utility, and Microaggregation-based Inter-model Connections
Josep Domingo-Ferrer, David Sánchez, and Jordi Soria-Comas
2016
Automated Software Diversity
Per Larsen, Stefan Brunthaler, Lucas Davi, Ahmad-Reza Sadeghi, and Michael Franz
2015
Trust in Social Media
Jiliang Tang and Huan Liu
2015
Physically Unclonable Functions (PUFs): Applications, Models, and Future Directions
Christian Wachsmann and Ahmad-Reza Sadeghi
2014
Usable Security: History, Themes, and Challenges
Simson Garfinkel and Heather Richter Lipford
2014
Reversible Digital Watermarking: Theory and Practices
Ruchira Naskar and Rajat Subhra Chakraborty
2014
Mobile Platform Security
N. Asokan, Lucas Davi, Alexandra Dmitrienko, Stephan Heuser, Kari Kostiainen, Elena Reshetova, and Ahmad-Reza Sadeghi
2013
Security and Trust in Online Social Networks
Barbara Carminati, Elena Ferrari, and Marco Viviani
2013
RFID Security and Privacy
Yingjiu Li, Robert H. Deng, and Elisa Bertino
2013
Hardware Malware
Christian Krieg, Adrian Dabrowski, Heidelinde Hobel, Katharina Krombholz, and Edgar Weippl
2013
Private Information Retrieval
Xun Yi, Russell Paulet, and Elisa Bertino
2013
Privacy for Location-based Services
Gabriel Ghinita
2013
Enhancing Information Security and Privacy by Combining Biometrics with Cryptography
Sanjay G. Kanade, Dijana Petrovska-Delacrétaz, and Bernadette Dorizzi
2012
Analysis Techniques for Information Security
Anupam Datta, Somesh Jha, Ninghui Li, David Melski, and Thomas Reps
2010
Operating System Security
Trent Jaeger
2008
Copyright © 2016 by Morgan & Claypool
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means—electronic, mechanical, photocopy, recording, or any other except for brief quotations in printed reviews, without the prior permission of the publisher.
Privacy Risk Analysis
Sourya Joyee De and Daniel Le Métayer
www.morganclaypool.com
ISBN: 9781627054256 paperback
ISBN: 9781627059879 ebook
DOI 10.2200/S00724ED1V01Y201607SPT017
A Publication in the Morgan & Claypool Publishers series
SYNTHESIS LECTURES ON INFORMATION SECURITY, PRIVACY, & TRUST
Lecture #17
Series Editors: Elisa Bertino, Purdue University
Ravi Sandhu, University of Texas, San Antonio
Series ISSN
Print 1945-9742 Electronic 1945-9750
Privacy Risk Analysis
Sourya Joyee De and Daniel Le Métayer
Inria, Université de Lyon
SYNTHESIS LECTURES ON INFORMATION SECURITY, PRIVACY, & TRUST #17
ABSTRACT
Privacy Risk Analysis fills a gap in the existing literature by providing an introduction to the basic notions, requirements, and main steps of conducting a privacy risk analysis.
The deployment of new information technologies can lead to significant privacy risks and a privacy impact assessment should be conducted before designing a product or system that processes personal data. However, if existing privacy impact assessment frameworks and guidelines provide a good deal of details on organizational aspects (including budget allocation, resource allocation, stakeholder consultation, etc.), they are much vaguer on the technical part, in particular on the actual risk assessment task. For privacy impact assessments to keep up their promises and really play a decisive role in enhancing privacy protection, they should be more precise with regard to these technical aspects.
This book is an excellent resource for anyone developing and/or currently running a risk analysis as it defines the notions of personal data, stakeholders, risk sources, feared events, and privacy harms all while showing how these notions are used in the risk analysis process. It includes a running smart grids example to illustrate all the notions discussed in the book.
KEYWORDS
privacy, personal data, data protection, risk, analysis, impact, harm, vulnerability, countermeasure, anonymization, law, legal, regulation
Contents