Skip to main content
SpringerLink
Log in
Book cover

European, Mediterranean, and Middle Eastern Conference on Information Systems

EMCIS 2018: Information Systems pp 258–271Cite as

An Organizational Scheme for Privacy Impact Assessments

  • Conference paper
  • First Online:

  • 1310 Accesses

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 341))

Abstract

The importance of Privacy Ιmpact Αssessment (PIA) has been emphasized by privacy researchers and its conduction is provisioned in legal frameworks, such as the European Union’s General Data Protection Regulation. However, it is still a complicated and bewildering task for organizations processing personal data, as available methods and guidelines fail to provide adequate guidance confusing organisations and PIA practitioners. This paper analyzes the interplay among PIA stakeholders and proposes an organizational scheme for successful PIA projects.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    Article 36 of EU GDPR does not mention sign-off but requires prior consultation with the supervisory authority prior to processing “where a data protection impact assessment under Article 35 indicates that the processing would result in a high risk in the absence of measures taken by the controller to mitigate the risk”. The report is one of the elements to be provided to the supervisory authority during the consultation.

References

  1. Pavlou, P.: State of the information privacy literature: where are we now and where should we go. MIS Q. 35(4), 977–988 (2011)

    Article  Google Scholar 

  2. Schwaig, K.S., Kane, G.C., Storey, V.C.: Compliance to the fair information practices: how are the Fortune 500 handling online privacy disclosures? Inf. Manag. 43(7), 805–820 (2006)

    Article  Google Scholar 

  3. Spiekermann, S., Novotny, A.: A vision for global privacy bridges: technical and legal measures for international data markets. Comput. Law Secur. Rev. 31(2), 181–200 (2015)

    Article  Google Scholar 

  4. Moores, T., Dhillon, G.: Do privacy seals in e-commerce really work? Commun. ACM - Mob. Comput. Oppor. Chall. 46(12), 265–271 (2003)

    Google Scholar 

  5. BBC: Facebook scandal ‘hit 87 million users’, 04 April 2018. http://www.bbc.com/news/technology-43649018. Accessed 20 May 2018

  6. European Commission: Flash Eurobarometer: data protection in the European Union: citizens perceptions. Analytical report (2008)

    Google Scholar 

  7. European Commission: Special Eurobarometer 431: data protection. Report (2015)

    Google Scholar 

  8. European Commission: Special Eurobarometer 443: e-privacy. Report (2016)

    Google Scholar 

  9. Gigya: The 2017 State of Consumer Privacy and Trust report. https://www.gigya.com/resource/report/2017-state-of-consumer-privacy-trust/. Accessed 20 May 2018

  10. Cavoukian, A.: Privacy by design: the definitive workshop. A foreword by Ann Cavoukian, Ph.D. Identity Inf. Soc. 3(2), 247–251 (2010)

    Article  Google Scholar 

  11. Clarke, R.: Privacy impact assessment: its origins and development. Comput. Law Secur. Rev. 25(2), 123–135 (2009)

    Article  Google Scholar 

  12. UK Information Commissioner’s Office (ICO): Conducting Privacy Impact Assessments: Code of Practice (2014). https://ico.org.uk/media/for-organisations/documents/1595/pia-code-of-practice.pdf. Accessed 02 Mar 2018

  13. Treasury Board of Canada Secretariat (Canada TBS): Directive of Privacy Impact Assessments (2010). https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=18308. Accessed 02 Mar 2018

  14. International Organization for Standardization (ISO): ISO/IEC 29134 Information Technology – Security Techniques—Privacy Impact Assessment – Guidelines (2017)

    Google Scholar 

  15. Wright, D.: Making privacy impact assessment more effective. Inf. Soc. 29(5), 307–315 (2013)

    Article  Google Scholar 

  16. Wright, D., Finn, R., Rodrigues, R.: A comparative analysis of privacy impact assessment in six countries. J. Contemp. Eur. Res. 9(1), 160–180 (2013)

    Google Scholar 

  17. Oetzel, M.C., Spiekermann, S.: A systematic methodology for privacy impact assessments: a design science approach. Eur. J. Inf. Syst. 23(2), 126–150 (2014)

    Article  Google Scholar 

  18. Bieker, F., Friedewald, M., Hansen, M., Obersteller, H., Rost, M.: A process for data protection impact assessment under the European general data protection regulation. In: Schiffner, S., Serna, J., Ikonomou, D., Rannenberg, K. (eds.) APF 2016. LNCS, vol. 9857, pp. 21–37. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44760-5_2

    Chapter  Google Scholar 

  19. Commission Nationale de l’Informatique et des Libertes (CNIL): Privacy Impact Assessment (PIA) Methodology (2018). https://www.cnil.fr/en/PIA-privacy-impact-assessment-en. Accessed 22 Apr 2018

  20. Office of the Australian Information Commissioner (OAIC): Guide to undertaking privacy impact assessments (2014). https://www.oaic.gov.au/agencies-and-organisations/guides/guide-to-undertaking-privacy-impact-assessments. Accessed 02 Mar 2018

  21. Spiekermann, S.: The RFID PIA–developed by industry, endorsed by regulators. In: Wright, D., De Hert, P. (eds.) Privacy Impact Assessment. LGTS, vol. 6, pp. 323–346. Springer, Dordrecht (2012). https://doi.org/10.1007/978-94-007-2543-0_15

    Chapter  Google Scholar 

  22. Health Information and Quality Authority of Ireland (HIQA): Guidance on Privacy Impact Assessment (PIA) in Health and Social Care (2017). https://www.hiqa.ie/reports-and-publications/health-information/guidance-privacy-impact-assessment-pia-health-and. Accessed 20 May 2018

  23. Office of the Privacy Commissioner (OPC) New Zealand: Privacy Impact Assessment Toolkit (2015). https://www.privacy.org.nz/news-and-publications/guidance-resources/privacy-impact-assessment/. Accessed 02 Mar 2018

Download references

Author information

Authors and Affiliations

  1. Department of Information and Communication Systems Engineering, University of the Aegean, 83200, Samos, Greece

    Konstantina Vemou & Maria Karyda

Authors
  1. Konstantina Vemou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Maria Karyda
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Konstantina Vemou .

Editor information

Editors and Affiliations

  1. University of Nicosia, Nicosia, Cyprus

    Marinos Themistocleous

  2. University of Coimbra, Coimbra, Portugal

    Paulo Rupino da Cunha

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Vemou, K., Karyda, M. (2019). An Organizational Scheme for Privacy Impact Assessments. In: Themistocleous, M., Rupino da Cunha, P. (eds) Information Systems. EMCIS 2018. Lecture Notes in Business Information Processing, vol 341. Springer, Cham. https://doi.org/10.1007/978-3-030-11395-7_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-11395-7_22

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-11394-0

  • Online ISBN: 978-3-030-11395-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation