Crowdsourcing Privacy Risk Assessment: An Interactive Model for Evaluating and Comparing Privacy Systems

Slides: 47

Objectives
• Provide an interactive display for stakeholders (including individual users, entire companies, or governments) to better understand their privacy considerations and options.
• Allow stakeholders to quickly see the relative strengths and weaknesses of a variety of privacy systems so that they can make privacy-related choices.
• Enable a high degree of customization to meet the wide variety of stakeholder needs.

Definitions

Stakeholder
A user of the model who selects inputs and manipulates the model
• System Owners, Developers, and Engineers
• An Organization's Legal and Policy Teams
• Product and Project Management Teams
• Government Agencies
• Consumers

Privacy Systems
Any organization, service, process, or program that handles personally identifying information (PII) and affects individual privacy
• Facebook
• Uber
• Amazon Web Services
• United States Government
• Government of the People’s Republic of China
• Google Drive
• Walmart
• Apple iOS
• BlueCross BlueShield
• Bank of America

Fair Information Practice Principles (FIPPs)
The widely accepted framework of defining principles to be used in the evaluation of Privacy Systems
1. Transparency (T): Systems should be transparent and notify individuals regarding collection, use, dissemination, and maintenance of personally identifiable information (PII).
2. Individual Participation (IP): Systems should involve the individual in the process of using PII and, to the extent practicable, seek individual consent for the collection, use, dissemination, and maintenance of PII. Systems should also provide mechanisms for appropriate access, correction, and redress regarding use of PII.
3. Purpose Specification (PS): Systems should specifically articulate the authority that permits the collection of PII and specifically articulate the purpose or purposes for which the PII is intended to be used.
4. Data Minimization (DM): Systems should only collect PII that is directly relevant and necessary to accomplish the specified purpose(s) and only retain PII for as long as is necessary to fulfill the specified purpose(s).
5. Use Limitation (UL): Systems should use PII solely for the purpose(s) specified in the notice. Sharing PII should be for a purpose compatible with the purpose for which the PII was collected.
6. Data Quality and Integrity (DQI): Systems should, to the extent practicable, ensure that PII is accurate, relevant, timely, and complete.
7. Security (S): Systems should protect PII (in all media) through appropriate security safeguards against risks such as loss, unauthorized access or use, destruction, modification, or unintended or inappropriate disclosure.
8. Accountability and Auditing (AA): Systems should be accountable for complying with these principles, providing training to all employees and contractors who use PII, and auditing the actual use of PII to demonstrate compliance with these principles and all applicable privacy protection requirements.
Adapted from “Appendix A – Fair Information Practice Principles (FIPPs)” of the National Strategy for Trusted Identities in Cyberspace (April 2011), https://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf

System Practices
The actions and policies of a Privacy System

All identified System Practices used by the model are listed below. Despite the attempt to identify highly specific System Practices to produce a comprehensive evaluation of each FIPP, there are other System Practices that may not be included. Alternatively, certain users of the model may conclude that some of the included System Practices should be removed. The model recognizes that the process of evaluating FIPPs is highly qualitative and seeks to leverage a crowdsourcing methodology as a way to overcome this obstacle. User input regarding which System Practices should be included or excluded (that is, crowdsourcing the System Practices) is a key feature of this model; a user can choose as many or as few System Practices to include as they want.

Transparency
1. Methods of Notification > Privacy Policy
2. Methods of Notification > Popup
3. Methods of Notification > Email
4. Frequency of Notification > Time Dependent
5. Frequency of Notification > Usage Dependent
6. Frequency of Notification > Data Type Dependent

Individual Participation
1. Consent > Frequency of Consent > Time Dependent
2. Consent > Frequency of Consent > Usage Dependent
3. Consent > Frequency of Consent > Data Type Dependent
4. Consent > Options > Opt-in
5. Consent > Options > Opt-out
6. Consent > Difficulty > Timely
7. Consent > Difficulty > Inexpensive
8. Access > Frequency of Access > Time Dependent
9. Access > Frequency of Access > Data Type Dependent
10. Access > Actions Permitted > View
11. Access > Actions Permitted > Download
12. Access > Difficulty > Timely
13. Access > Difficulty > Inexpensive
14. Access > Difficulty > Instructions Provided
15. Redress > Actions Permitted > Dispute
16. Redress > Actions Permitted > Correct
17. Redress > Actions Permitted > Update
18. Redress > Actions Permitted > Delete
19. Redress > Difficulty > Timely
20. Redress > Difficulty > Inexpensive
21. Redress > Difficulty > Instructions Provided

Purpose Specification
1. Authority Granter > None
2. Authority Granter > Data Subject
3. Authority Granter > Law
4. Types of Purpose > Provide Services
5. Types of Purpose > Market/advertise
6. Types of Purpose > Profile/analytics
7. Articulation Method for Authority / Purpose > Privacy Policy
8. Articulation Method for Authority / Purpose > Popup
9. Articulation Method for Authority / Purpose > Email
10. Frequency of Articulation > Time Dependent
11. Frequency of Articulation > Usage Dependent
12. Frequency of Articulation > Data Type Dependent

Data Minimization
1. Types of Data Collected > Public > Written Posts
2. Types of Data Collected > Personal > Multimedia > Photos
3. Types of Data Collected > Personal > Multimedia > Video
4. Types of Data Collected > Personal > Multimedia > Audio
5. Types of Data Collected > Personal > Contact > Email
6. Types of Data Collected > Personal > Contact > Postal Address
7. Types of Data Collected > Personal > Contact > Phone Number
8. Types of Data Collected > Private > Demographics > Age
9. Types of Data Collected > Private > Demographics > Race
10. Types of Data Collected > Private > Demographics > Gender
11. Types of Data Collected > Sensitive > Activities
12. Types of Data Collected > Sensitive > Purchase History
13. Types of Data Collected > Sensitive > Location
14. Types of Data Collected > Highly Sensitive > Financial
15. Types of Data Collected > Highly Sensitive > Health
16. Types of Data Collected > Highly Sensitive > SSN
17. Sources of Data > Manual > Data Subject
18. Sources of Data > Manual > Other Data Subjects
19. Sources of Data > Automatic > Cookies
20. Sources of Data > Automatic > Pixels
21. Sources of Data > Automatic > Metadata

Use Limitation
1. General > Provide Services to DS
2. General > Communicate with DS
3. General > Enable DS Customization
4. Security > Improve Services
5. Security > Diagnostics/Troubleshooting
6. Commercial > Marketing
7. Analytical > Profiling
8. Sharing > Recipient > Affiliated Companies
9. Sharing > Recipient > Third Party > General
10. Sharing > Recipient > Third Party > Security
11. Sharing > Recipient > Third Party > Commercial
12. Sharing > Recipient > Third Party > Analytical
13. Sharing > Recipient > Third Party > Government
14. Sharing > Geography > Local
15. Sharing > Geography > National
16. Sharing > Geography > Regional
17. Sharing > Geography > International

Data Quality and Integrity
1. Storage > Location
2. Storage > Duration
3. Management > Retrieval
4. Management > Duplication
5. Management > Backup

Security
1. Loss Prevention
2. Unauthorized Access / Use
3. Destruction
4. Modification
5. Unintended Disclosure > Breach Notification
6. Compliance

Accountability and Auditing
1. Complying
2. Training > Data Protection Officer appointed
3. Auditing > Mechanisms in place
4. Auditing > Frequency of Auditing
5. Auditing > Internal or External Auditor

System Practices: Methodology for Identifying System Practices

System Practices were identified based on the language used to define each FIPP:
• For example, the language defining the Transparency FIPP focused on notifying individuals. Using this keyword, the question “what is notifying a function of?” was asked to identify measurement variables.
• This led to the identification of “Methods of Notification” and “Frequency of Notification” as two variables that could be used to measure notifying. (“Notifying is a function of the methods used to notify and the frequency with which notification is given.”)

A high level of granularity was sought to ensure a comprehensive evaluation of the FIPP:
• With regards to the Transparency FIPP, rather than just evaluating “Methods” and “Frequency” in general, they were further subdivided to provide more specific evaluation criteria. To accomplish this, similar questions were again asked: “what is Methods a function of?” and “what is Frequency a function of?” This led to the identification of different methods of notification (notification in Privacy Policies, in Popups, or in Emails) as well as different frequencies of notification (based on time, usage of data, or type of data).
• This high level of granularity ensures that the FIPP is evaluated based on a wide range of specific Transparency criteria, rather than just a few general ones.

Resulting Transparency System Practices:
1. Methods of Notification > Privacy Policy
2. Methods of Notification > Popup
3. Methods of Notification > Email
4. Frequency of Notification > Time Dependent
5. Frequency of Notification > Usage Dependent
6. Frequency of Notification > Data Type Dependent

Magnitude
Chosen and assigned to a System Practice by the User to quantify the privacy intrusion or protection of each System Practice

Magnitude   Meaning
1           System Practice is highly intrusive of privacy
2           System Practice is moderately intrusive of privacy
3           System Practice has little overall intrusion into or protection of privacy
4           System Practice moderately protects privacy
5           System Practice highly protects privacy

Privacy Scores

A FIPP Privacy Score is a computation that evaluates an individual FIPP within a single Privacy System. Therefore, a single Privacy System will have eight FIPP Privacy Scores, one for each FIPP.
• FIPP Privacy Scores assess categories of similar System Practices. Using FIPP Privacy Scores to first assess categories, rather than jumping right to an overall assessment of the Privacy System, helps identify more specific strengths and weaknesses of the system. For instance, an overall assessment might not highlight the fact that a Privacy System is strong in Data Minimization but weak in Use Limitation. In contrast, first assessing the individual FIPPs would highlight that difference.

A System Privacy Score is a computation that evaluates all the FIPP Privacy Scores of a single Privacy System. Therefore, a single Privacy System will have one System Privacy Score. System Privacy Scores can be used to compare different Privacy Systems.

Example Privacy System: Facebook

FIPP                           FIPP Privacy Score
Transparency                   3.67
Individual Participation       3.19
Purpose Specification          1.67
Data Minimization              1.95
Use Limitation                 2.24
Data Quality and Integrity     3.80
Security                       1.67
Accountability and Auditing    3.40

Privacy System   System Privacy Score (average of FIPP Privacy Scores)
Facebook         2.70
Google           . . .
. . .            . . .

The Model

Flow of the model: select System -> select FIPP -> select System Practice -> input Magnitude -> another System Practice? (Yes: select the next System Practice; No: compute FIPP Privacy Score) -> another FIPP? (Yes: select the next FIPP; No: compute System Privacy Score)

Privacy Systems
• Facebook
• Google Drive
• U.S. Government
• Uber
• Apple iOS
• P.R.C. Government
• Walmart
• Amazon Web Services
• Bank of America
• BlueCross BlueShield

Fair Information Practice Principles (FIPPs)
• Transparency
• Individual Participation
• Purpose Specification
• Data Minimization
• Use Limitation
• Data Quality and Integrity
• Security
• Accountability and Auditing

System Practices (for the selected FIPP; not all System Practices are shown)
Transparency
1. Methods of Notification: Privacy Policy
2. Methods of Notification: Popup
3. Methods of Notification: Email
4. Frequency of Notification: Time Dependent
5. Frequency of Notification: Usage Dependent
6. Frequency of Notification: Data Type Dependent
Individual Participation
1. Consent . . .
2. Access . . .
3. Redress . . .
Purpose Specification
1. Authority Granter . . .
2. . . .
Data Minimization . . .
Use Limitation . . .
Data Quality and Integrity . . .
Security . . .
Accountability and Auditing . . .

Magnitude (input for each System Practice): 1.00 - 5.00

FIPP Privacy Score: a function of the Magnitudes assigned to the System Practices of the selected FIPP.

System Privacy Score: a function of all the FIPP Privacy Scores that were computed for the selected System.

Example

The walkthrough slides step through the model's flow for one System: select System -> select FIPP -> select System Practice -> input Magnitude -> another System Practice? (Yes: select the next System Practice; No: compute FIPP Privacy Score) -> another FIPP? (Yes: select the next FIPP; No: compute System Privacy Score) -> another System? (Yes: select the next System)

System: Facebook. FIPP: Transparency. The six Transparency System Practices are selected one at a time and each is given a Magnitude:

System Practice                                     Magnitude
1. Methods of Notification: Privacy Policy          3.00
2. Methods of Notification: Popup                   5.00
3. Methods of Notification: Email                   4.00
4. Frequency of Notification: Time Dependent        3.00
5. Frequency of Notification: Usage Dependent       5.00
6. Frequency of Notification: Data Type Dependent   2.00

No further Transparency System Practice: compute FIPP Privacy Score. FIPP Privacy Score (Transparency): 3.67

Another FIPP? Yes. FIPP: Individual Participation. Its System Practices are given Magnitudes the same way ( . . . ), giving FIPP Privacy Score (Individual Participation): 3.19. The remaining FIPPs are scored in turn. Summary of Facebook's FIPP Privacy Scores:

FIPP                           FIPP Privacy Score
Transparency                   3.67
Individual Participation       3.19
Purpose Specification          1.67
Data Minimization              1.95
Use Limitation                 2.24
Data Quality and Integrity     3.80
Security                       1.67
Accountability and Auditing    3.40

No further FIPP: compute System Privacy Score. System Privacy Score (Facebook): 2.70

Another System? Yes. System: Google. The same loop runs for Google and for each further System. Once their System Privacy Scores are computed, the comparison chart places them side by side:

COMPARISON CHART
System      System Privacy Score
Facebook    2.70
Google      . . .
. . .       . . .

Details

Functions

FIPP Privacy Score: to compute a FIPP Privacy Score, an average (or other function) of all the Magnitudes assigned to the System Practices of the selected FIPP is taken.

System Privacy Score: to compute a System Privacy Score, an average (or other function) of all the FIPP Privacy Scores for that System is taken.
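An added worked example, not the deck's own code: the two functions above in Python, with the aggregate left pluggable because the deck allows an average "or other function", plus a crowdsourced variant that pools several stakeholders' Magnitudes for one FIPP and a comparison-chart ordering. The Facebook Magnitudes and FIPP Privacy Scores are taken from the Example slides; the second stakeholder's ratings are constructed.

```python
from statistics import mean
from typing import Callable, Dict, Iterable, List

# Magnitude scale from the deck: 1 = highly intrusive ... 5 = highly protective.
MAGNITUDE_MIN, MAGNITUDE_MAX = 1.0, 5.0

# The eight FIPPs in the deck's order; a System Privacy Score needs all of them.
FIPPS = ("Transparency", "Individual Participation", "Purpose Specification",
         "Data Minimization", "Use Limitation", "Data Quality and Integrity",
         "Security", "Accountability and Auditing")

Aggregate = Callable[[List[float]], float]


def check_magnitude(m: float) -> float:
    """Reject input outside the 1.00-5.00 scale before it can skew a score."""
    if not MAGNITUDE_MIN <= m <= MAGNITUDE_MAX:
        raise ValueError(f"magnitude {m} is outside {MAGNITUDE_MIN}-{MAGNITUDE_MAX}")
    return float(m)


def fipp_privacy_score(magnitudes: Iterable[float], agg: Aggregate = mean) -> float:
    """FIPP Privacy Score: aggregate of the selected practices' Magnitudes."""
    vals = [check_magnitude(m) for m in magnitudes]
    if not vals:
        raise ValueError("no System Practices selected for this FIPP")
    return round(agg(vals), 2)


def system_privacy_score(fipp_scores: Dict[str, float], agg: Aggregate = mean) -> float:
    """System Privacy Score: aggregate of all eight FIPP Privacy Scores."""
    missing = [f for f in FIPPS if f not in fipp_scores]
    if missing:
        raise ValueError("FIPP Privacy Score missing for: " + ", ".join(missing))
    return round(agg([fipp_scores[f] for f in FIPPS]), 2)


def crowdsourced_fipp_score(user_ratings: Iterable[Dict[str, float]],
                            agg: Aggregate = mean) -> float:
    """Pool several stakeholders' Magnitudes for one FIPP.

    Each element maps System Practice -> Magnitude and lists only the practices
    that stakeholder chose to include; a practice is scored over everyone who
    rated it, then the FIPP over every practice at least one person included.
    """
    pooled: Dict[str, List[float]] = {}
    for ratings in user_ratings:
        for practice, m in ratings.items():
            pooled.setdefault(practice, []).append(check_magnitude(m))
    if not pooled:
        raise ValueError("no stakeholder included any System Practice")
    return fipp_privacy_score([agg(ms) for ms in pooled.values()], agg)


def rank_systems(system_scores: Dict[str, float]) -> List[str]:
    """Comparison chart order: most privacy-protective System first."""
    return sorted(system_scores, key=lambda s: (-system_scores[s], s))


# Magnitudes from the deck's Facebook / Transparency walkthrough.
FACEBOOK_TRANSPARENCY = {
    "Methods of Notification > Privacy Policy": 3.0,
    "Methods of Notification > Popup": 5.0,
    "Methods of Notification > Email": 4.0,
    "Frequency of Notification > Time Dependent": 3.0,
    "Frequency of Notification > Usage Dependent": 5.0,
    "Frequency of Notification > Data Type Dependent": 2.0,
}

# The eight FIPP Privacy Scores the deck reports for Facebook.
FACEBOOK_FIPP_SCORES = {
    "Transparency": 3.67, "Individual Participation": 3.19,
    "Purpose Specification": 1.67, "Data Minimization": 1.95,
    "Use Limitation": 2.24, "Data Quality and Integrity": 3.80,
    "Security": 1.67, "Accountability and Auditing": 3.40,
}

# Constructed second stakeholder: rates three practices, two of them lower
# than the walkthrough did, and leaves the other three out.
SECOND_STAKEHOLDER = {
    "Methods of Notification > Privacy Policy": 1.0,
    "Methods of Notification > Popup": 5.0,
    "Methods of Notification > Email": 2.0,
}

if __name__ == "__main__":
    print("Transparency:", fipp_privacy_score(FACEBOOK_TRANSPARENCY.values()))
    print("System:", system_privacy_score(FACEBOOK_FIPP_SCORES))
    print("Crowdsourced Transparency:",
          crowdsourced_fipp_score([FACEBOOK_TRANSPARENCY, SECOND_STAKEHOLDER]))
```

Passing a different aggregate (for example `min`, which scores a FIPP by its weakest practice) shows how much the ranking depends on the function the deck leaves open.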

Data Entry
1. System and User
2. FIPP
3. System Practices
4. Magnitudes

References
• NSTIC Appendix A - Fair Information Practice Principles
• Privacy Online: A Report to Congress (Federal Trade Commission, 1998)
• NIST Special Publication 800-53 r4, Appendix J
• “Records, Computers and the Rights of Citizens” (US Department of Health, Education and Welfare, 1973)
• US Privacy Act of 1974
• NIST Privacy Engineering Objectives and Risk Model Discussion Draft
• NIST 8062: Privacy Risk Management for Federal Information Systems