Using Risk Management to Improve Privacy in Information Systems 1

Potential Problems for Individuals 2 Loss of Self Determination Loss of Autonomy Exclusion Loss of Liberty Physical Harm Loss of Trust Discriminatio n Stigmatization Power Imbalance Economic Loss

3 Fram e Asses s Respon d Monito r

Senior Management Product Manager 4 Engineer Controls Objectives Metrics Governance Risk Model Risk Assessment Requiremen ts System Design Evaluation

The Right Tool for the Job Many current privacy approaches are some mixture of governance principles, requirements and controls. Transparency Individual Participation Purpose Specification Data Minimization Use Limitation Data Quality and Integrity Security Accountability and Auditing Authority and Purpose Accountability, Audit, and Risk Management Data Quality and Integrity Data Minimization and Retention Individual Participation and Redress Security Transparency Use Limitation NIST SP , Appendix JUSG FIPPs

NISTIR NIST Process Workshop 2 Sep 2014 Draft Proposal for Objectives and Risk Model Aug 2014 Workshop 1 April 2014

Draft Privacy Engineering Objectives The objectives are characteristics or properties of the system. The objectives support policy Part of broader risk management framework, including security, etc. 7 Predictability Manageability Unlinkability or Obscurity?

Security Risk Equation 8 Security Risk = Vulnerability * Threat * Impact

Identifying System Privacy Risk 9 Privacy Risk Likelihood of Problemati c Data Actions Impact Personal Informatio n Contex t Data Actions

Frame Business Objectives Frame Org Privacy Governance Assess System Design Assess Privacy Risk Design Privacy Controls Monitor Change

Resources NIST website: 11