Making Privacy Impact Assessment More Effective

Cited by: 25
Authors
Wright, David [1]
Affiliations
[1] Trilateral Res & Consulting, London W14 8H, England
Keywords
consultation; PIAF; privacy impact assessment; privacy risks; stakeholders
DOI
10.1080/01972243.2013.825687
Chinese Library Classification number
G2 [Information and Knowledge Dissemination];
Discipline classification code
05 ; 0503 ;
Abstract
Europe's proposed Data Protection Regulation is expected to make data protection impact assessment (DPIA) mandatory, a development that could impact hundreds of thousands of organizations (both governmental and private sector) in Europe, as well as non-European entities offering their wares and services there. This article reviews the DPIA provisions outlined in the new regulation. For the nuts and bolts of a privacy impact assessment (PIA) methodology, Europe could select features from the PIA methodologies used in Australia, Canada, Ireland, New Zealand, the United Kingdom, and the United States, the countries with the most experience in PIA. A European Commission (EC)-funded project, called PIAF, reviewed these various methodologies and proposed an optimized PIA for Europe (and elsewhere) based on the best practices of the aforementioned countries. Based on these best practices, this article outlines a 16-step PIA process. It argues that while some organizations may regard a PIA as a hassle, in fact, a PIA offers many benefits, as spotlighted in the article.
Pages: 307 / 315
Number of pages: 9