Book description
Privacy Impact Assessment
![PRIVACY IMPACT ASSESSMENT](https://www.shukui.net/cover/2/33965126.jpg)
- Edited by David Wright and Paul De Hert
- Publisher: Springer
- ISBN: 9400725426
- Year of publication: 2012
- Stated page count: 523 pages
- File size: 30 MB
- File page count: 551 pages
Table of contents
Part I Setting the Scene
1 Introduction to Privacy Impact Assessment (David Wright and Paul De Hert)
1.1 Growing Interest
1.2 A Few Key Definitions
1.3 A PIA Timeline
1.4 Why Carry Out a PIA?
1.4.1 To Manage Risks
1.4.2 To Derive Benefits
1.5 Variations in PIA Approaches
1.6 Open Issues
1.6.1 Scale and Scope of the PIA
1.6.2 Who Should Perform the PIA?
1.6.3 Should Engaging External Stakeholders Be Part of the PIA Process?
1.6.4 Should PIAs Be Published?
1.6.5 Should PIAs Be Mandatory?
1.6.6 Should the DPA or Privacy Commissioner "Approve" a PIA?
1.6.7 Should a PIA Apply to the Development of New Policy?
1.6.8 Two or More Organisations Collaborating on a PIA
1.6.9 Are Trans-national PIAs Feasible?
1.7 Objectives and Scope of This Book
2 A Human Rights Perspective on Privacy and Data Protection Impact Assessments (Paul De Hert)
2.1 Terminology
2.2 Data Protection Impact Assessments
2.3 Privacy Impact Assessment: What Is Privacy?
2.4 Privacy Impact Assessments: Privacy and Permissible Limitations
2.5 The Technology Should Be Used in Accordance with and as Provided by the Law (First PIA Element)
2.5.1 Open Questions About the Transparency and Legality Requirement
2.6 The Technology or Processing Should Serve a Legitimate Aim (Second PIA Element)
2.7 The Technology Should Not Violate the Core Aspects of the Privacy Right (Third PIA Element)
2.8 The Technology Should Be Necessary in a Democratic Society (Fourth PIA Element)
2.8.1 Necessity, Evidence and Politics
2.9 The Technology Should Not Have or Give Unfettered Discretion (Fifth PIA Element)
2.10 The Technology Should Be Appropriate, Least Intrusive and Proportionate (Sixth PIA Element)
2.10.1 Appropriateness and the Least Intrusive Method
2.10.2 The Fair Balance Requirement, Evidence and Precaution
2.10.3 The Fair Balance Requirement, Stakeholder Participation and Impact Assessments
2.11 The Technology Should Not Only Respect Privacy Requirements But Also Be Consistent with Other Human Rights (Seventh PIA Element)
2.12 Conclusion
3 (Regulatory) Impact Assessment and Better Regulation (David Parker)
3.1 The Development of (Regulatory) Impact Assessment
3.2 Use of RIA/IA in the UK
3.3 RIA/IAs and the European Commission
3.4 Conclusions
4 Prior Checking, a Forerunner to Privacy Impact Assessments (Gwendal Le Grand and Emilie Barrau)
4.1 Introduction
4.2 How Prior Checking Has Been Implemented
4.2.1 Prior Checking Has Been Transposed in the National Legislation of Most Member States and Is Used by Most Member States
4.2.2 Prior Checking Is Limited to Operations Likely to Present Specific Risks in Most Countries
4.2.3 Categories of Processing Operations, When They Are Defined, Are Not Homogeneous
4.2.4 Exemptions Are Foreseen in Half of the Countries
4.2.5 Prior Checking in the Context of National Legislative Measures and Regulations Is Carried Out in Half of the Countries
4.3 How Prior Checking Has Worked in Practice
4.3.1 Prior Checking Takes Different Forms at National Level; Data Protection Authorities Use Several Tools
4.3.2 The Format and Publicity of the Data Protection Authorities' Decisions Are Not Harmonised Across Europe
4.3.3 Data Protection Authorities Usually Set a Time Limit to Complete Prior Checking
4.3.4 In the Context of Prior Checking, Notifications by the Controller Usually Do Not Include More Information than Notifications for Other Types of Processing
4.3.5 Data Protection Authorities Have Developed Specific Instruments or Procedures for Processing Operations Subject to Prior Checking
4.3.6 Decisions of the Data Protection Authorities Can Generally Be Appealed Before an Administrative Court
4.3.7 Data Controllers Who Start Processing Operations Without Notifying the Data Protection Authority Most Likely Get Fined
4.4 Lessons Learned from Prior Checking
4.4.1 Assessment of the Current Prior Checking System and Potential Evolutions
4.4.2 Data Protection Authorities Use Tools to Complement Prior Checking
4.4.3 What Role for Privacy Impact Assessments?
4.5 Conclusion
Part II Five Countries Lead the Way
5 PIAs in Australia: A Work-In-Progress Report (Roger Clarke)
5.1 Introduction
5.2 The Nature of PIAs
5.3 The History and Status of PIAs in Australia
5.3.1 Pre-2000
5.3.2 Post-2000
5.3.3 The 10 Contexts
5.4 PIA Guidance Documents
5.4.1 Evaluation Criteria
5.4.2 The Victorian Privacy Commissioner's Guide
5.4.3 The Australian Privacy Commissioner's Guide
5.5 Future Developments
5.5.1 The States and Territories
5.5.2 The OAPC/ICO
5.5.3 The ALRC's Recommendations
5.5.4 The Government's Response
5.6 Conclusions
6 Privacy Impact Assessment - Great Potential Not Often Realised (Nigel Waters)
6.1 Introduction
6.2 A Useful Analogy?
6.3 What Is PIA?
6.4 PIA and Privacy by Design
6.5 PIA and Privacy Auditing
6.6 Who Should Be the Client?
6.7 In an Ideal World ...?
6.8 Using PIA Findings to Effect Change
6.9 Some Examples of PIA
6.9.1 Online Authentication for e-Government in New Zealand
6.9.2 Retention and Linkage of Australian Census Data
6.9.3 The Australian Financial Reporting Regime
6.9.4 Individual Identifiers for e-Health in Australia
6.9.5 Hong Kong Smart Identity Card
6.10 Conclusion
7 Privacy Impact Assessments in Canada (Robin M. Bayley and Colin J. Bennett)
7.1 Introduction
7.1.1 The Canadian Privacy Legislative Framework
7.2 The Conduct of PIAs in Canada
7.2.1 The Legal Basis for Privacy Impact Assessments
7.2.2 Who Conducts PIAs?
7.2.3 Private Sector PIAs
7.2.4 When PIAs Are Required
7.2.5 PIAs Involving State Security, Law Enforcement and International Projects and Agreements
7.2.6 PIA Characteristics and Methodology
7.2.7 The Audit and Review of PIAs
7.2.8 The Publication of PIAs
7.3 Conclusions
8 Privacy Impact Assessment in New Zealand - A Practitioner's Perspective (John Edwards)
8.1 Introduction
8.2 Background
8.3 A Short History of Privacy Impact Assessment in New Zealand
8.4 Undertaking Privacy Impact Assessments
8.5 Timing
8.6 The Cost of Privacy Impact Assessment
8.7 For Whom Is the Report Prepared?
8.8 Problems with Privacy
8.9 Independence
8.10 Givens
8.11 Scope Constraints
8.12 Legal Professional Privilege Applies
8.13 After the Assessment?
8.14 Conclusion
9 Privacy Impact Assessment in the UK (Adam Warren and Andrew Charlesworth)
9.1 Introduction
9.2 Legislative and Policy Framework
9.2.1 Legislation
9.2.2 Policy
9.3 The UK PIA Process
9.4 Case Study: Office for National Statistics (ONS), 2011 Census
9.5 Lessons Learnt
9.6 Future Developments
9.7 Conclusion
10 PIA Requirements and Privacy Decision-Making in US Government Agencies (Kenneth A. Bamberger and Deirdre K. Mulligan)
10.1 Introduction
10.2 The US PIA Requirement and Its Implementation
10.3 Challenges Inherent in the PIA Model
10.3.1 Limits of Process
10.3.2 Substantive Barriers to Oversight
10.4 Seeking Ways to Overcome Barriers to PIA Success: Learning from the US Experience
10.4.1 Lessons from NEPA
10.5 Suggestions from the US PIA Experience: The RFID Cases
10.5.1 The Cases in Brief
10.5.2 Possible Elements of Variance
10.6 Status and Independence of Embedded Privacy Experts
10.7 Expert Personnel, Integrated Structure and the PIA Tool
10.7.1 Creating Accountability in the Absence of Oversight: The Privacy and Integrity Advisory Committee
10.8 Directions for Further Inquiry
Part III PIA in the Private Sector: Three Examples
11 PIA: Cornerstone of Privacy Compliance in Nokia (Tobias Brautigam)
11.1 Introduction
11.2 Definitions
11.2.1 Privacy
11.2.2 Personal Data
11.2.3 PCI DSS
11.2.4 PIA, PISA
11.2.5 Nokia
11.3 Nokia's Approach to Privacy
11.3.1 Governance Model
11.3.2 Other Measures in Support of Privacy
11.3.3 Reasons for Conducting Privacy Assessments
11.4 The Process, or How Privacy Assessments Are Conducted
11.4.1 Two Kinds of Privacy Assessments
11.4.2 Undertaking a PISA
11.4.3 The PIA Process - Deviations from PISA
11.5 The Content of Privacy Assessments
11.5.1 The PISA Template
11.5.2 The PIA Template
11.6 Areas for Improvement
11.6.1 Quality of the Requirements That Are Assessed
11.6.2 Resources
11.6.3 Awareness
11.6.4 Evaluating Findings
11.6.5 Information Not Available
11.6.6 Corrective Actions
11.6.7 Speed of Execution
11.7 Conclusion and Summary: 10 Recommendations
11.7.1 Start Small, But Start
11.7.2 Awareness
11.7.3 Privacy Assessments Need to Be Supported by a Governance Model
11.7.4 Definitions of Requirements Must Be as Self-Explanatory as Possible
11.7.5 Include Open Questions in the Assessments
11.7.6 Specialisation
11.7.7 Cultivate a Culture of Continuous Improvement and Open Communication
11.7.8 Prioritisation
11.7.9 Effective Resource Management
11.7.10 Inclusion of PIA and PISA When Managing Projects
12 How Siemens Assesses Privacy Impacts (Florian Thoma)
12.1 Siemens at a Glance
12.2 Terminology
12.3 Some Challenges
12.4 The Data Protection Officer's Tasks
12.5 Prior Checking
12.6 Processor Audits
12.7 Group IT System Assessment: Inter-company Agreements
12.8 Assessment of Offshoring and Outsourcing Projects
12.9 Advantages of Privacy Impact Assessments
12.10 Involvement of Data Protection Authorities
12.11 Moving Forward
13 Vodafone's Approach to Privacy Impact Assessments (Stephen Deadman and Amanda Chandler)
13.1 Introduction
13.2 Vodafone's Core Business Operations
13.3 The External and Industry Environment
13.4 Vodafone's Policy and Approach to Privacy Risk Management
13.4.1 Governance and Accountability
13.4.2 Principles
13.5 Privacy Impact Assessments
13.6 Vodafone's Privacy Programme
13.7 The Role of the PIA in the Vodafone Privacy Programme
13.7.1 Strategic Privacy Impact Assessment
13.7.2 Case Study - Location Services
13.8 PIA and the Privacy Risk Management System (PRMS)
13.8.1 Strategic Aims and Objectives of the PRMS
13.8.2 Key Operational Controls in the PRMS
13.9 The Role of the Privacy Officer
13.10 The Role of Privacy Impact Assessment in the PRMS
13.11 Conclusion - The Value of Privacy Impact Assessments
Part IV Specialised PIA: The Cases of the Financial Services Industry and the RFID PIA Framework
14 The ISO PIA Standard for Financial Services (John Martin Ferris)
14.1 Introduction
14.2 Overview of the ISO 22307:2008 Voluntary Consensus Standard
14.2.1 A PIA Is Useful During Any Phase of a System's Life Cycle
14.2.2 A PIA Requires a Process Including a Plan
14.2.3 A PIA Needs an Adequate Description of the System
14.2.4 A PIA Standard Should Be Neutral on Frameworks That Support a PIA Development
14.2.5 A PIA Is Not a Privacy Audit
14.3 History of ISO 22307:2008
14.4 Voluntary Consensus Standards
14.4.1 ISO TC 68
14.4.2 Business Challenges of ISO TC 68 and Voluntary Consensus Standards
14.4.3 ISO TC 68 Security and Privacy Work
14.4.4 Choosing Voluntary Consensus Standards
14.5 Summary
15 The RFID PIA - Developed by Industry, Endorsed by Regulators (Sarah Spiekermann)
15.1 Introduction - The History of the RFID PIA
15.2 Preliminary Considerations Before Engaging in a PIA
15.3 Initial Analysis to Determine the Scope of PIA
15.4 PIA Risk Assessment Process
15.4.1 How Is the Risk Assessment Done Step By Step?
15.5 PIA Reporting
15.6 Conclusion
16 Double-Take: Getting to the RFID PIA Framework (Laurent Beslay and Anne-Christine Lacoste)
16.1 An Introduction to the RFID Recommendation
16.2 Conditions of Involvement of the Art. 29 WP
16.3 The Different Actors Involved in the Recommendation
16.3.1 The European Data Protection Supervisor
16.3.2 The European Network and Information Security Agency
16.3.3 Industry
16.3.4 National Authorities and Agencies
16.4 From a Negative Opinion of the WP29 to a Positive One
16.4.1 The July 2010 Opinion of the Art. 29 WP and the Issue of Risk Analysis
16.5 Endorsement of the Art. 29 WP: Consequences and Further Steps
16.6 PIA in Perspective
16.6.1 PIA for RFID Applications and Impact Assessments in a Regulatory Process
16.6.2 The Issue of Representativeness of the Industry Group
16.6.3 PIA Procedure: A Voluntary Action
16.6.4 The PIA Framework for RFID: An Example for Other Technological Fields?
16.7 Conclusion: Efficiency of PIA and Residual Risk: A Difficult Compromise
Part V Specific Issues
17 Surveillance: Extending the Limits of Privacy Impact Assessment (Charles Raab and David Wright)
17.1 Introduction
17.2 Objections to Subjecting Surveillance to PIA
17.2.1 A Brake on Technical Progress
17.2.2 Some Surveillance Involves Central Functions of the State
17.2.3 Some Surveillance Involves Commercial Sensitivity
17.2.4 Some Surveillance Involves More Than One Country
17.2.5 Ineffectiveness Would Be Revealed by a PIA
17.2.6 PIA Is Too Narrowly Focused
17.3 Types of Surveillance
17.3.1 Watching
17.3.2 Listening
17.3.3 Locating
17.3.4 Detecting
17.3.5 Dataveillance
17.3.6 Assemblages
17.3.7 Surveillance: Causes of Concern
17.4 Who Are the Surveillants, and Why Do They Use Surveillance?
17.4.1 Public Sector
17.4.2 Private Sector
17.4.3 Society
17.5 Assessing Surveillance Effects: Privacy and Beyond
17.6 Conclusion
18 The Madrid Resolution and Prospects for Transnational PIAs (Artemi Rallo Lombarte)
18.1 The Madrid Resolution
18.1.1 Origin of the Document
18.1.2 The Contents of the Madrid Resolution
18.2 Privacy Impact Assessments in the Madrid Resolution
18.3 Reception of the Madrid Resolution
18.3.1 Towards a Binding International Instrument
18.3.2 Mexico: First Country to Incorporate the Resolution into Its Legal System
18.3.3 Europe: Influence of the Madrid Resolution on the "Future of Privacy"
18.4 Conclusions
19 Privacy and Ethical Impact Assessment (David Wright and Emilio Mordini)
19.1 Introduction
19.2 Governance Issues in the Practice of an Ethical Impact Assessment
19.2.1 The Role of Ethics
19.2.2 Consulting and Engaging Stakeholders
19.2.3 Accountability
19.2.4 Providing More Information, Responding to Complaints and Third Party Ethical Review
19.2.5 Good Practice
19.3 Ethical Principles
19.3.1 Respect for Autonomy
19.3.2 Dignity
19.3.3 Informed Consent
19.3.4 Justice
19.4 Social Cohesion
19.4.1 Nonmaleficence (Avoiding Harm)
19.4.2 Beneficence
19.4.3 Social Solidarity, Inclusion and Exclusion
19.4.4 Sustainability
19.5 Conclusions
20 Auditing Privacy Impact Assessments: The Canadian Experience (Jennifer Stoddart)
20.1 Introduction
20.2 Supporting the Performance of PIAs
20.2.1 PIAs Are Only as Good as the Processes That Support Them
20.2.2 Frameworks Lacking Critical Control Elements Are More Likely to Fail
20.3 Improving PIA Processes
20.3.1 PIAs Should Be Integrated with Other Risk Management Processes
20.3.2 PIA Requirements Need To Be Streamlined
20.4 Need for Strategic Privacy Impact Assessment
20.5 Enhancing Public Reporting Requirements to Improve PIAs
20.6 Conclusion: Evaluating the Effects of Our Audit
21 Privacy Impact Assessment: Optimising the Regulator's Role (Blair Stewart)
21.1 Introduction
21.2 Approach
21.3 Part A: Getting Started
21.4 Part B: Getting Through
21.5 Part C: Getting Results
21.6 Part D: Getting Value
21.7 Closing Comments
22 Findings and Recommendations (David Wright and Paul De Hert)
22.1 PIA Policy Issues: Recommendations for a Better Framework on PIA
22.1.1 PIAs Should Be Conducted by Any Organisation Impacting Privacy
22.1.2 PIA Needs Champions, High Level Support and an Embedded Privacy Culture
22.1.3 A PIA Should Be "Signed Off" by a High-Level Official and Tied to Funding Submissions
22.1.4 Risk Management Should Be a Part of PIA, and PIA Should Be Part of Risk Management
22.1.5 Privacy Commissioners Should Play a Key Role in PIA
22.1.6 Prior Checking and PIA Should Be Complementary, But Their Mutual Relationship Needs More Study
22.1.7 Transparency Contributes to the Success of a PIA
22.1.8 Publish the Results of the PIA and Communicate with Stakeholders, Including the Public
22.1.9 Guard Against Conflicts of Interest
22.1.10 Ensure Third-Party Review and Audit of PIAs
22.1.11 Common Standards and Good Practice Need To Be Better Identified
22.1.12 Create a Central Registry of PIAs
22.1.13 Multi-agency and Transnational Projects Should Be Subject to PIA
22.1.14 Should PIAs Be Mandatory?
22.2 PIA Practice: Guidance for Individual PIAs
22.2.1 When Is a PIA Necessary?
22.2.2 Determine the Objectives, Scale and Scope of the PIA
22.2.3 Initiate a PIA Early, When It Is Possible to Influence Decision-Making
22.2.4 Who Should Initiate and Conduct the PIA?
22.2.5 Describe the Proposed Project and Map the Information Flows
22.2.6 Identify and Engage Stakeholders
22.2.7 A Compliance Check Is Only Part of a PIA
22.2.8 A PIA Should Address All Types of Privacy
22.2.9 ... and Other Values Too
22.2.10 With Stakeholders, Identify the Risks and Impacts of the Project
22.2.11 Questions
22.2.12 Identify Options (Controls) for Avoiding or Mitigating Negative Privacy Impacts
22.2.13 Justify the Business Case for the Residual Risk and Maintain a Risk Register
22.2.14 Review and Update the PIA as the Project Progresses
22.2.15 Prepare the PIA Report and Implement the Recommendations
22.2.16 Training and Raising Awareness
22.2.17 PIA Has Value - Get It!
22.3 Room for Improvement and Concluding Remarks
About the Authors
References
Index