Privacy Risk Analysis fills a gap in the existing literature by providing an introduction to the basic notions, requirements, and main steps of conducting a privacy risk analysis.

The deployment of new information technologies can lead to significant privacy risks and a privacy impact assessment should be conducted before designing a product or system that processes personal data. However, if existing privacy impact assessment frameworks and guidelines provide a good deal of details on organizational aspects (including budget allocation, resource allocation, stakeholder consultation, etc.), they are much vaguer on the technical part, in particular on the actual risk assessment task. For privacy impact assessments to keep up their promises and really play a decisive role in enhancing privacy protection, they should be more precise with regard to these technical aspects.

This book is an excellent resource for anyone developing and/or currently running a risk analysis as it defines the notions of personal data, stakeholders, risk sources, feared events, and privacy harms all while showing how these notions are used in the risk analysis process. It includes a running smart grids example to illustrate all the notions discussed in the book.

Autorentext

Sourya Joyee De is an Assistant Professor in IT & Systems at Indian Institute of Management Raipur, India. She is a Fellow of Indian Institute of Management Calcutta (Ph.D.). Prior to joining IIM Raipur, Sourya held research positions at INRIA Grenoble Rhone-Alpes and LORIA-CNRS-INRIA Nancy Grand-Est, France for close to four years. Her research has been funded by the French ANR project BIOPRIV, CISCO San Jose, CA, USA, Samsung GRO Grant, INRIA Project Lab CAPPRIS, and the Grand-Est Region, France. Sourya was also a Visiting Scientist at Indian Statistical Institute Kolkata, India. Her research interests include privacy risk analysis, user consent in the context of privacy, privacy policies, security in cloud computing, and rational cryptography. Her research has been published at various reputed journals and conferences. She has also published a book titled Privacy Risk Analysis with Morgan & Claypool Publishers, San Rafel, CA, USA.Abdessamad Imine received M.Sc. and Ph.D. degrees inComputer Science from University of Sciences and Technology of Oran (USTO), Algeria, and University Henri Poincaré of Nancy, France, respectively. He is currently an Associate Professor HdR at Lorraine University and senior researcher at LORIA center of Nancy. His research interests include privacy in social networks, security for collaborative systems, optimistic protocols, and formal methods. Abdessamad Imine has developed a formal methodology for specifying and verifying the consistency of synchronized objects by operational transformation. This methodology has been successfully used in the design of a configuration management system in the LibreSource project. He has also devised protocols for controlling and enforcing privacy in social networks and protocols for synchronizing and securing shared data such as text, XML, and RDF documents. He is author and co-author of more than 82 papers in international conferences, journals, and books.

Klappentext

Privacy Risk Analysis fills a gap in the existing literature by providing an introduction to the basic notions, requirements, and main steps of conducting a privacy risk analysis. The deployment of new information technologies can lead to significant privacy risks and a privacy impact assessment should be conducted before designing a product or system that processes personal data. However, if existing privacy impact assessment frameworks and guidelines provide a good deal of details on organizational aspects (including budget allocation, resource allocation, stakeholder consultation, etc.), they are much vaguer on the technical part, in particular on the actual risk assessment task. For privacy impact assessments to keep up their promises and really play a decisive role in enhancing privacy protection, they should be more precise with regard to these technical aspects. This book is an excellent resource for anyone developing and/or currently running a risk analysis as it defines the notions of personal data, stakeholders, risk sources, feared events, and privacy harms all while showing how these notions are used in the risk analysis process. It includes a running smart grids example to illustrate all the notions discussed in the book.

Inhalt
Preface.- Acknowledgments.- Introduction.- Terminology.- Processing System.- Personal Data.- Stakeholders.- Risk Sources.- Feared Events.- Privacy Harms.- Privacy Risk Analysis.- Conclusion.- Bibliography.- Authors' Biographies .