Privacy Evaluation Methodology (PEM) v1.0
Overview
IDESG Privacy Committee
James R. Elste
Dr. Stuart Shapiro
February 2013
Privacy Evaluation Methodology:
Principles
• Effectively evaluate privacy issues & risks in IDESG work products
and proposals
• Consistently apply the methodology in an objective, thorough, and
fair manner
• Support the committees and attempt to identify and resolve privacy
issues early in the development process
• Provide multiple opportunities to discuss and resolve issues, prior
to issuing a Privacy Review Report
• Recognizing the significance of raising a formal objection, the
Privacy Committee does not intend to lodge objections over
immaterial issues or risks.
IDESG
Privacy Committee
Privacy Evaluation Methodology:
Rules of Association, Section 2.1.3.1
2.1.3.1.1. The responsibility to develop, maintain, publish and adhere to a consistent
evaluation methodology for identifying privacy and identity-related civil liberties risks
and issues ("Privacy Evaluation Methodology").
2.1.3.1.2. The responsibility to proactively communicate with and appoint liaisons to
other committees of the plenary to identify and resolve potential privacy concerns
during the development of IDESG work products.
2.1.3.1.3. The responsibility to review all IDESG work products prior to approval by the
Plenary in a timely manner and issue a Privacy Review Report, consistent with the
time frames and procedures enumerated in the Privacy Evaluation Methodology.
2.1.3.1.4. The authority to raise formal objections to IDESG proposals as set forth in
Section 5.3.3.2 of these Rules ("Rule 5332") if a proposal fails to overcome
shortcomings identified in the Privacy Review Report
IDESG
Privacy Committee
3
Privacy Evaluation Methodology:
Implementation
IDESG
Privacy Committee
Privacy
Engineering
IDESG
Privacy Committee
Formal
Privacy
Evaluation
IDESG
Privacy Committee
Report
Generation
& Review
IDESG
Privacy Committee
Potential
Outcomes
IDESG
Privacy Committee
Privacy Evaluation Methodology:
Timeframes
• No Privacy Issues (30 days)
Proposals and work products with no privacy issues or risks
will be completed within 30 days from the beginning of the
Formal Privacy Evaluation Phase.
• Unresolved Privacy Issues Identified (90 days)
Proposals and work products with unresolved privacy issues
or risks, identified either in Phase1: Privacy Engineering or
Phase2: Formal Privacy Evaluation, will be completed within
90 days from the beginning of the Formal Privacy Evaluation.
IDESG
Privacy Committee
Privacy Evaluation Criteria
• The most important component of the PEM is the evaluation
criteria
• The evaluation criteria include Fair Information Practice
Principles (FIPPs) and defined potential privacy and identityrelated civil liberties risks
– FIPPs include the FIPPs articulated in the 2011 NSTIC foundational document
and the Consumer Privacy Bill of Rights
– Potential risks are an adaptation of Solove’s privacy taxonomy
• These criteria are non-exclusive
• Not all criteria will be relevant in every instance
IDESG
Privacy Committee
Privacy Evaluation Workbook
Three principal components
– Characterization
– Analysis
– Mitigation and compensating controls
Broken down by [personally identifiable] information life cycle
stage
–
–
–
–
–
–
Collection
Processing
Use
Disclosure
Retention
Destruction
IDESG
Privacy Committee
Privacy Evaluation Workbook:
Characterization
The characterization section examines in detail the elements of a
work product to capture the different dimensions relevant to
privacy analysis
•
•
•
•
•
Actors and Relationships
Types of Information
Intended Uses
Data Flows
Legal and Regulatory Requirements
IDESG
Privacy Committee
Privacy Evaluation Workbook:
Analysis
The analysis section provides a structure to collect comments
and observations related to the application of the evaluation
criteria
•
•
•
•
FIPPs/CPBR
Privacy/Civil Liberties Risks
Legal & Regulatory Implications
Other privacy issues
IDESG
Privacy Committee
Privacy Evaluation Workbook:
Mitigation and Compensating Controls
• This section provides recommendations for addressing
identified privacy problems
• Acceptance can be a valid resolution
• Unresolved issues are noted in the report
IDESG
Privacy Committee
Summary
• Process Workflows
– Implementation
– Privacy Engineering
– Formal Privacy Evaluation
• Privacy Review Report
– Potential Outcomes
– Timeframes
• Privacy Evaluation Criteria & Workbook
– Characterization
– Analysis
– Mitigation and Compensating Controls
IDESG
Privacy Committee
Questions
???
Thank you for your
time and attention.
Download

Privacy Evaluation Methodology (PEM) v1.0