CIPP/US Study Guide
Chapter 4: Information Management and Privacy Risk Management

Privacy Risk Management and Privacy Harms

Privacy risk management identifies and mitigates risks to information assets. Privacy risk is the likelihood that individuals will experience problems from data processing, together with the impact of those problems if they occur. Privacy harms include loss of self-determination, discrimination, loss of trust, and economic loss.

Per NIST, privacy risk management helps enterprises weigh the benefits of data processing against the risk and choose a risk response. ISACA frames it as building consumer trust by safeguarding personal data throughout the life cycle. A code of ethics can aid this weighing.

Privacy risk is the likelihood that individuals will experience problems from processing, together with the impact of those problems if they occur. Example risks: lack of safeguards, third-party access, lack of encryption, mobile malware, social media attacks, social engineering, and outdated security software.

Privacy harms

Privacy harms are the core of risk calculation: loss of self-determination (autonomy, exclusion, loss of liberty, physical harm), discrimination, loss of trust, and economic loss.

Key terms - quick answers

What is “Privacy risk management”?
A process that identifies and assesses risks to information assets and implements mitigation strategies.
What is “Privacy risk”?
The likelihood that individuals will experience problems from data processing, and the impact of those problems if they occur.
What are “Privacy harms”?
Harms including loss of self-determination (autonomy, exclusion, loss of liberty, physical harm), discrimination, loss of trust, and economic loss.
What is “NIST”?
National Institute of Standards and Technology - source of voluntary privacy and cybersecurity frameworks.