Privacy Compliant Systems Design
Privacy Risk Assessment
High level Steps
Create DFM Diagram (see next slide please) to Identify Surfaces with Privacy Risks: Identify process, storage, channel or environment that may facilitate access to private data/information
Identify Relevant Requirements: For each such surface, identify the subset of the (15) privacy requirements that could be breached at that surface
We will review a process this week presented in “Privacy Engineering: A data flow and ontological approach by Ian Oliver.” The book is available in kindle unlimited.
DFM: Data Flow Modeling diagram is a data flow modeling tool for identifying surfaces with privacy risks (review the attached DFM.pdf).
Major Steps:
Drawing DFM diagram: Model the flow of information through the system via different processes and channels (and possibly saved to some storage)
Annotation: Annotate the DFM diagram with information characteristics, transmission protocols, purpose of usage, risks involved (review the standard annotations that we will use for this class in Annotation.zip).
Decomposition: Split a process or a channel in the DFM diagram if that process or the channel involves information with different privacy implication
Partition: Partition the DFM diagram (possibly in various ways) to identify groups with some common boundaries (that may have common privacy implications)