www.informationpolicycentre.com 1. the role of privacy risk framework and risk-based approach in...


Upload: jonah-lynch

Post on 19-Jan-2016


TRANSCRIPT

Page 1: Www.informationpolicycentre.com 1. The role of Privacy Risk Framework and Risk-Based Approach in Delivering Effective Privacy Compliance Bojana Bellamy


The role of Privacy Risk Framework and Risk-Based Approach in Delivering Effective Privacy Compliance

Bojana Bellamy

International Privacy Commissioners’ Conference, Mauritius

October 2014


Why is Privacy Risk “In”?

It has always been “in”, but with a different focus – risk to organisations v. risk to individuals (tangible and non-tangible harms / negative impact from data processing)

Modern information age requires an evolved interpretation and implementation of privacy principles and innovative models of co-regulation and compliance

The need to translate abstract goals of privacy and fundamental rights into more understandable, concrete and implementable steps for non-experts

Risk-based approach does not replace existing law, privacy principles, accountability and regulatory supervision, but calibrates compliance based on context, severity, likelihood

Risk assessment is an increasing legal requirement and an element of organisational accountability


Benefits of a Risk-based Approach to Privacy

Effectiveness

Organisations: Prioritisation; predictability; ROI in compliance; protection of reputation and shareholder value

DP regulators: Prioritisation in oversight, enforcement, sanction

Law and policy makers: Smart regulation = calibrated and context driven; outcome based; technology neutral

Individuals: Real protection

Society: Enables economic growth, societal benefits and protection of fundamental rights

Prospects to improve global interoperability by creating common expectations, common best practices and common outcomes


Organisational Accountability and Privacy Management Program

Accountability and Effective Compliance

Leadership & Oversight

Risk Assessment

Policies & Procedures

Privacy by Design

Training & Communication

Verification and Audits

Response and Enforcement


Risk Assessment Calibrates Privacy Program and Compliance

Risk Assessment

At program level

Determines the program and the elements

Periodic program assessment v. internal and external risks

Adjusting elements of the program

At element and requirement level

New product, service, technology (PIA, PbD)

Legitimate Interest Processing

Security

Data Breach