Towards a Research Road Map for the Management of Privacy Risks in Information Systems
ISSN der Zeitschrift
SICHERHEIT 2008 – Sicherheit, Schutz und Zuverlässigkeit. Beiträge der 4. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI)
Regular Research Papers
Gesellschaft für Informatik e. V.
Privacy risk management in information systems is a challenge to system designers and system owners. Increasing regulation requires compliance man- agement, while publicly visible incidents damage companies’ reputation in connec- tion with their treatment of customer privacy. Additionally, increasing attacks with stolen identities and fake identification are carried out against information systems. Companies need to have a privacy management strategy and a privacy-centric technology management. However, no unified methodology for privacy risk assessment, or the selection of countermeasures, exist. This article, after presenting the historic development of data protection and privacy technology research, maps out the missing knowledge areas of privacy technology deployment, and summarizes a return-on-investment approach on privacy management. We conclude with a roadmap on privacy risk management based on preliminary results on privacy threat impact analysis from the Norwegian PETweb research project.