Dear all,

My own high level comments:

Key points

· “The model defines an equation and a series of inputs designed to enable (i) the identification of problems for individuals that can arise from the processing of personal information and (ii) the calculation of how such problems can be reflected in an organizational risk management approach that allows for prioritization and resource allocation to achieve agency missions while minimizing adverse events for individuals and agencies collectively”. Clearly takes into account risks affecting data subjects but only reflects them at an organizational level.

· There is no reference on when to conduct this risk assessment. It seems to “ignore or neglect” privacy by design principles such as taking into account privacy issues from the onset of project and systems.

· Security risk assessment vs privacy risk assessment: “A privacy risk management framework, therefore, should provide the capability to assess the risk of problems for individuals arising from the operations of the system that involve the processing of their information. Cybersecurity risk management frameworks, standards, and best practices can be used to address risks to individuals arising from unauthorized access to their information”.

· It explicitly talks about having the “demonstration of specified privacy-preserving functionality” as a business objective. This view will be reflected in the final version of PRIPARE PSbD methodology.

· The framework is based on three privacy engineering objectives that have been developed for the purpose of facilitating the development and operation of privacy-preserving information systems: predictability, manageability, and disassociability. These principles can be mapped to PRIPARE’s suggested privacy principles:

  Predictability
    - Accountability
    - Transparency and openness
    - Compliance with notification requirements
    - Limited conservation and retention

  Manageability
    - Data quality
    - Purpose specification and limitation (finality or legitimacy)
    - Purpose specification and limitation for sensitive data
    - Right of access
    - Right to object
    - Right to erasure

  Disassociability
    - Confidentiality and security
    - Privacy and data protection by default
    - Privacy and data protection by design

· Takes into account contextual factors that may modify the impact of a privacy issue.

· An interesting idea is to always keep the mitigated risks in sight. Completely removing them is a risk itself as it “can create an inaccurate assessment of existing or potential risks, and often created temptation for pilots to dismiss potential risks’ existence because they were already perceived as resolved”. This view will be reflected in the final version of PRIPARE’s PSbD.

· One of the major concerns from my side is that the proposed model may neglect addressing issues that are very likely and with a high level of impact if they do not have a direct organizational impact. This approach steps away from user-centric models where data subjects and their information are the asset to protect and completely focuses on protecting the organization. It is no longer protecting data subjects from privacy issues but protecting the organization from its consequences upon them.

· A second concern is that it does not link to other efforts in terms of privacy protection. E.g. Privacy Impact Assessments largely recognize the need for assessing and managing privacy risks and that there are already PIA frameworks providing their own risk framework or model (e.g. BSI PIA assessment guideline https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/ElekAusweise/PIA/Privacy_Impact_Assessment_Guideline_Langfassung.pdf?__blob=publicationFile).

Best regards

From:
pbd-se@lists.oasis-open.org [mailto:pbd-se@lists.oasis-open.org] On Behalf Of Antonio kung
Sent: Tuesday, June 16, 2015 3:09 PM
To: pmrm@lists.oasis-open.org; pbd-se@lists.oasis-open.org
Subject: Re: [pbd-se] Privacy Risk Management for Federal Information Systems Observations by Gail Magnuson

Dear all,

Some remarks from me

Antonio Kung

On 16/06/2015 15:32, Gail Magnuson wrote:

Greetings,

Attached are my observations and comments.

Best,
Gail