Two areas that I'm aware of:

1 - There's a growing and reasonably mature body of work (mostly in the public sector) on Privacy Impact Analysis. Most of that is based on classifying data as "Personal", "Sensitive Personal" or "Neither of the above" and then assessing the risk and impact of its inappropriate disclosure.

2 - The concept of "harm" is also a key one for privacy risk models, but has distinct shortcomings. For instance, it can't deal well with data breaches where you suspect data has been lost, but you can't tell whether anything bad has happened as a result. It has also been a rather crude metric up to now, with the US, for instance, tending to rule that "harm" must be financial in order to qualify for redress. However, the "harm" model is gradually becoming more nuanced, for instance by classification into 'physical harm, financial harm and reputational harm'. As far as I'm aware, though, that kind of model has yet to be turned into a clear methodology...

HTH,
Robin

Robin Wilton
Technical Outreach Director - Identity and Privacy

On 1 Mar 2013, at 09:37, Stephen Farrell <[email protected]> wrote:

> On 03/01/2013 05:48 AM, SM wrote:
>> At 18:25 28-02-2013, David Singer wrote:
>>> in 'privacy considerations' I think we need to explore the privacy
>>> consequences of using protocols 'appropriately'. And there are, and
>>> it's no longer OK not to worry about them as we design protocols.
>>
>> Yes.
>
> +1
>
> Personally, I have a not-worked-out theory that the kind of
> risk analysis we use in security doesn't apply much to
> considering privacy and that some other methodology would be
> better, or is needed.
>
> Anyone know of generic worked-out methodologies for analysing
> privacy issues?
>
> S.
> _______________________________________________
> ietf-privacy mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ietf-privacy
