Jane Henriksen-Bulmer
DPIA in context: applying DPIA to assess privacy risks of cyber physical systems.
Henriksen-Bulmer, Jane; Faily, Shamal; Jeary, Sheridan
Authors
Shamal Faily
Sheridan Jeary
Abstract
Cyber Physical Systems (CPS) seamlessly integrate physical objects with technology, thereby blurring the boundaries between the physical and virtual environments. While this brings many opportunities for progress, it also adds a new layer of complexity to the risk assessment process when attempting to ascertain what privacy risks this might impose on an organisation. In addition, privacy regulations, such as the General Data Protection Regulation (GDPR), mandate assessment of privacy risks, including making Data Protection Impact Assessments (DPIAs) compulsory. We present the DPIA Data Wheel, a holistic privacy risk assessment framework based on Contextual Integrity (CI), that practitioners can use to inform decision making around the privacy risks of CPS. This framework facilitates comprehensive contextual inquiry into privacy risk, that accounts for both the elicitation of privacy risks, and the identification of appropriate mitigation strategies. Further, by using this DPIA framework we also provide organisations with a means of assessing privacy from both the perspective of the organisation and the individual, thereby facilitating GDPR compliance. We empirically evaluate this framework in three different real-world settings. In doing so, we demonstrate how CI can be incorporated into the privacy risk decision-making process in a usable, practical manner that will aid decision makers in making informed privacy decisions.
Citation
HENRIKSEN-BULMER, J., FAILY, S. and JEARY, S. 2020. DPIA in context: applying DPIA to assess privacy risks of cyber physical systems. Future internet [online], 12(5), article 93. Available from: https://doi.org/10.3390/fi12050093
Journal Article Type | Article |
---|---|
Acceptance Date | May 18, 2020 |
Online Publication Date | May 24, 2020 |
Publication Date | May 31, 2020 |
Deposit Date | Sep 16, 2021 |
Publicly Available Date | Nov 23, 2021 |
Journal | Future internet |
Electronic ISSN | 1999-5903 |
Publisher | MDPI |
Peer Reviewed | Peer Reviewed |
Volume | 12 |
Issue | 5 |
Article Number | 93 |
DOI | https://doi.org/10.3390/fi12050093 |
Keywords | Contextual integrity; Privacy; Risk; Data protection impact assessment (DPIA); General data protection regulation (GDPR) |
Public URL | https://rgu-repository.worktribe.com/output/1427724 |
Files
HENRIKSEN-BULMER 2020 DPIA in context (VOR)
(14 Mb)
PDF
Publisher Licence URL
https://creativecommons.org/licenses/by/4.0/
Copyright Statement
You might also like
Automation and cyber security risks on the railways: the human factors implications.
(2022)
Presentation / Conference
Integrated design framework for facilitating systems-theoretic process analysis.
(2022)
Conference Proceeding
Cybersecurity user requirements analysis: the ECHO approach.
(2022)
Conference Proceeding
Use-case informed task analysis for secure and usable design solutions in rail.
(2021)
Conference Proceeding
Visualising personas as goal models to find security tensions.
(2021)
Journal Article