Privacy Risk Analysis


Synthesis Lectures on Information Security, Privacy, and Trust


September 2016, 133 pages, (doi:10.2200/S00724ED1V01Y201607SPT017)
Sourya Joyee De

Inria, Université de Lyon 

Daniel Le Métayer

Inria, Université de Lyon 


Privacy Risk Analysis fills a gap in the existing literature by providing an introduction to the basic notions, requirements, and main steps of conducting a privacy risk analysis.

The deployment of new information technologies can lead to significant privacy risks and a privacy impact assessment should be conducted before designing a product or system that processes personal data. However, if existing privacy impact assessment frameworks and guidelines provide a good deal of details on organizational aspects (including budget allocation, resource allocation, stakeholder consultation, etc.), they are much vaguer on the technical part, in particular on the actual risk assessment task. For privacy impact assessments to keep up their promises and really play a decisive role in enhancing privacy protection, they should be more precise with regard to these technical aspects.

This book is an excellent resource for anyone developing and/or currently running a risk analysis as it defines the notions of personal data, stakeholders, risk sources, feared events, and privacy harms all while showing how these notions are used in the risk analysis process. It includes a running smart grids example to illustrate all the notions discussed in the book.

Table of Contents: Preface / Acknowledgments / Introduction / Terminology / Processing System / Personal Data / Stakeholders / Risk Sources / Feared Events / Privacy Harms / Privacy Risk Analysis / Conclusion / Bibliography / Authors’ Biographies

PDF (1002 KB) PDF Plus (1004 KB)

You may also like...