PRIAM: A Privacy Risk Analysis Methodology

  • Conference paper
Data Privacy Management and Security Assurance (DPM 2016, QASA 2016)

Abstract

Privacy Impact Assessments (PIA) are recognized as a key step to enhance privacy protection in new information systems and services. They will be required in Europe when the new General Data Protection Regulation becomes effective. From a technical perspective, the core of a PIA is a Privacy Risk Analysis (PRA), which has received relatively less attention than organizational and legal aspects of PIAs. In this work, we propose a rigorous and systematic PRA methodology. We illustrate it with a quantified self use-case in the extended paper [9].

Notes

  1. In order to err on the safe side in terms of privacy protection, we consider dependent nodes such that one node may potentially imply all other nodes.

  2. In order to err on the safe side in terms of privacy protection, we consider dependent nodes such that each node may exclude all other nodes. Hence the use of the sum.

References

  1. Privacy Risk Management for Federal Information Systems (2015). http://csrc.nist.gov/publications/drafts/nistir-8062/nistir-8062-draft.pdf

  2. European Commission. General Data Protection Regulation (2016)

  3. Antignac, T., Le Métayer, D.: Trust driven strategies for privacy by design. In: Damsgaard Jensen, C., Marsh, S., Dimitrakos, T., Murayama, Y. (eds.) IFIPTM 2015. IFIP AICT, vol. 454, pp. 60–75. Springer, Heidelberg (2015)

  4. Baringer, F.: New Electricity Meters Stir Fear (2011). www.nytimes.com

  5. Calo, R.: The Boundaries of Privacy Harm. Ind. LJ 86, 1131 (2011)

  6. CNIL. Privacy Impact Assessment (PIA) Methodology (2015)

  7. CNIL. Privacy Impact Assessment (PIA) Tools (2015)

  8. De, S.J., Le Métayer, D.: Privacy harm analysis: a case study on smart grids. In: International Workshop on Privacy Engineering, IEEE (2016)

  9. De, S.J., Le Métayer, D.: PRIAM: A Privacy Risk Analysis Methodology. INRIA Research Report, (RR-8876), July 2016

  10. Deng, M., Wuyts, K., Scandariato, R., Preneel, B., Joosen, W.: A privacy threat analysis framework: supporting the elicitation and fulfilment of privacy requirements. Requirements Eng. 16(1), 3–32 (2011)

  11. Friginal, J., Guiochet, J., Killijian, M.-O.: Towards a privacy risk assessment methodology for location-based systems. In: Stojmenovic, I., Cheng, Z., Guo, S. (eds.) MindCare 2014. LNICSSITE, vol. 131, pp. 748–753. Springer, Heidelberg (2014). doi:10.1007/978-3-319-11569-6_65

  12. Hill, K.: Fitbit moves quickly after users’ sex stats exposed. Forbes 26, 515–519 (2011)

  13. Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Attack-defense trees. J. Logic Comput. 24(1), 55–87 (2014)

  14. Lisovich, M., Mulligan, D.K., Wicker, S.B., et al.: Inferring personal information from demand-response systems. Secur. Priv. IEEE 8(1), 11–20 (2010)

  15. Oetzel, M.C., Spiekermann, S.: A systematic methodology for privacy impact assessments: a design science approach. Eur. J. Inf. Syst. 23(2), 126–150 (2014)

  16. Oetzel, M.C., Spiekermann, S., Grüning, I., Kelter, H., Mull, S.: Privacy Impact Assessment Guideline for RFID Applications (2011). www.bsi.bund.de

  17. SGTF. Data Protection Impact Assessment Template for Smart Grid and Smart Metering Systems (2014). http://ec.europa.eu/

  18. Solove, D.J.: A taxonomy of privacy. U. Pa. L. Rev. 154, 477–564 (2006)

  19. Wright, D.: Making privacy impact assessment more effective. Inf. Soc. 29(5), 307–315 (2013)

  20. Wright, D., Finn, R., Rodrigues, R.: A comparative analysis of privacy impact assessment in six countries. J. Contemp. Eur. Res. 9(1), 160–180 (2013)

  21. Zwingelberg, H., Hansen, M.: Privacy protection goals and their implications for eID systems. In: Camenisch, J., Crispo, B., Fischer-Hübner, S., Leenes, R., Russello, G. (eds.) Privacy and Identity Management for Life. IFIP AICT, vol. 375, pp. 245–260. Springer, Heidelberg (2012)

Acknowledgements

This work has been partially funded by the French ANR-12-INSE-0013 project BIOPRIV and Inria Project Lab CAPPRIS.

Corresponding author

Correspondence to Sourya Joyee De.

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

De, S.J., Le Métayer, D. (2016). PRIAM: A Privacy Risk Analysis Methodology. In: Livraga, G., Torra, V., Aldini, A., Martinelli, F., Suri, N. (eds) Data Privacy Management and Security Assurance. DPM 2016, QASA 2016. Lecture Notes in Computer Science, vol 9963. Springer, Cham. https://doi.org/10.1007/978-3-319-47072-6_15

  • DOI: https://doi.org/10.1007/978-3-319-47072-6_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-47071-9

  • Online ISBN: 978-3-319-47072-6

  • eBook Packages: Computer Science, Computer Science (R0)
