Fritsch, LotharAbie, HabtamuAlkassar, AmmarSiekmann, Jörg2019-04-032019-04-032008978-3-88579-222-2https://dl.gi.de/handle/20.500.12116/21470Privacy risk management in information systems is a challenge to system designers and system owners. Increasing regulation requires compliance man- agement, while publicly visible incidents damage companies’ reputation in connec- tion with their treatment of customer privacy. Additionally, increasing attacks with stolen identities and fake identification are carried out against information systems. Companies need to have a privacy management strategy and a privacy-centric technology management. However, no unified methodology for privacy risk assessment, or the selection of countermeasures, exist. This article, after presenting the historic development of data protection and privacy technology research, maps out the missing knowledge areas of privacy technology deployment, and summarizes a return-on-investment approach on privacy management. We conclude with a roadmap on privacy risk management based on preliminary results on privacy threat impact analysis from the Norwegian PETweb research project.enText/Conference Paper1617-5468