Beschreibung
Privacy Risk Analysis fills a gap in the existing literature by providing an introduction to the basic notions, requirements, and main steps of conducting a privacy risk analysis.The deployment of new information technologies can lead to significant privacy risks and a privacy impact assessment should be conducted before designing a product or system that processes personal data. However, if existing privacy impact assessment frameworks and guidelines provide a good deal of details on organizational aspects (including budget allocation, resource allocation, stakeholder consultation, etc.), they are much vaguer on the technical part, in particular on the actual risk assessment task. For privacy impact assessments to keep up their promises and really play a decisive role in enhancing privacy protection, they should be more precise with regard to these technical aspects.This book is an excellent resource for anyone developing and/or currently running a risk analysis as it defines the notions of personal data, stakeholders, risk sources, feared events, and privacy harms all while showing how these notions are used in the risk analysis process. It includes a running smart grids example to illustrate all the notions discussed in the book.
Autorenporträt
Sourya Joyee De received her Bachelor of Engineering degree in Information Technology from Bengal Engineering and Science University, Shibpur, India, in 2009 and became a Fellow of the Indian Institute of Management Calcutta (equivalent to Ph.D.) in December 2014. Thereafter, she was a Visiting Scientist at the R.C. Bose Centre for Cryptology & Security, Indian Statistical Institute, Kolkata. Since July 2015, she is an Inria post-doctoral researcher in the PRIVATICS research group and CITI laboratory in Lyon (France). Her research interests include privacy, security and applied cryptography.Daniel Le Metayer received a Ph.D. in computer science from the University of Rennes in 1984. He is a Senior Researcher (""Directeur de Recherche"") with Inria and member of the PRIVATICS research group and CITI laboratory in Lyon (France). His research interests include privacy risk analysis, privacy by design, accountability and more generally the interactions between computer science and law.
