Integrating privacy impact assessment in risk management

International Data Privacy Law

Volumn 4, Issue 2, 2014, Pages 155-170

  Wright, David ^a   Wadhwa, Kush ^a   Lagazio, Monica ^a   Raab, Charles ^b   Charikane, Eric ^c  

^a Crown House   (United Kingdom)

^b UNIVERSITY OF EDINBURGH   (United Kingdom)

^c Privacy Impact Assessment Observatory   (France)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84967249864     PISSN: 20443994     EISSN: 20444001     Source Type: Journal    
DOI: 10.1093/idpl/ipu001     Document Type: Article

References (15)

1. Information Commissioner's Office (ICO), Privacy Impact Assessment Handbook (v 2.0, June 2009) (hereafter ICO Handbook 2009).,http://www. ico.gov.uk/upload/documents/pia_handbook_html_v2/index.html. accessed 9 April 2014.
2. See Cabinet Office, Cross Government Actions: Mandatory Minimum Measures (I, 4.4, 2008),http://www.cabinetoffice.gov.uk/sites/default/ files/resources/cross-gov-actions.pdf.: All departments must 'conduct privacy impact assessments so that they can be considered as part of the information risk aspects of Gateway Reviews'. Gateway reviews are undertaken by an independent team of experienced people and carried out at key decision points in government programmes and projects to provide assurance that they can progress successfully to the next stage.
3. 4, www.trilateralresearch.com..
4. 7, http://cordis.europa.eu/fp7/ict/enet/documents/rfid-pia-frameworkfinal.pdf..
5. Fuller analysis of these can be found in Sections 6.2-6.4 of the original report at,http://www.ico.gov.uk..
6. Both papers can be found at,http://www.piafproject.eu/Events.html..
7. Commission Nationale de l'Informatique et des Libertés (CNIL), Methodology for privacy risk management (CNIL, 2012),http://www. cnil.fr/fileadmin/documents/en/CNIL-ManagingPrivacyRisks-Methodology.pdf..
8. PriceWaterhouseCoopers, Insights and Trends: Current Portfolio, Programme, and Project Management Practice. The third global survey on the current state of project management took place in 2012. See,http:// www.pwc.com/us/en/public-sector/publications/global-pm-report-2012.jhtml..
9. 15, http://www.prince-officialsite.com/home..
10. 16, http://www.hermes.admin.ch..
11. European Commission, COM(2012) 11 final,http://ec.europa.eu/justice/
12. data-protection/document/review2012/com_2012_11_en.pdf..
13. See also David Wright, 'Should privacy impact assessment be mandatory?' (2011) 54 Communications of the ACM 8, 121-31,http://cacm.acm.org/ magazines/2011/8..
14. See p. 60, module B1.5 Data protection, of the 2005 version of the IT-Grundschutz Catalogues which states that 'A proposal for such a “data protection” IT-Grundschutz module was masterminded by the Federal Data Protection Officer in co-operation with the Technical Working Group of National and State Data Protection Officers. It is oriented toward public bodies at the federal and state levels, private suppliers of telecommunications services and postal services.',https://www.bsi.bund. de/SharedDocs/Downloads/EN/BSI/Grundschutz/download/it-grundschutz-kataloge_2005_pdf_en_zip.zip?__blob=publicationFile..
15. 20, http://ico.org.uk/about_us/consultations/~/media/documents/library/Corporate/Research_and_reports/draft-conducting-privacy-impact-assessments-code-of-practice.pdf..