Evaluating privacy impact assessment methods: guidelines and best practice
Information and Computer Security
ISSN: 2056-4961
Article publication date: 4 September 2019
Issue publication date: 3 April 2020
Abstract
Purpose
This paper aims to practically guide privacy impact assessment (PIA) implementation by proposing a PIA process incorporating best practices from existing PIA guidelines and privacy research.
Design/methodology/approach
This paper critically reviews and assesses generic PIA methods proposed by related research, data protection authorities and standard’s organizations, to identify best practices and practically support PIA practitioners. To address identified gaps, best practices from privacy literature are proposed.
Findings
This paper proposes a PIA process based on best practices, as well as an evaluation framework for existing PIA guidelines, focusing on practical support to PIA practitioners.
Practical implications
The proposed PIA process facilitates PIA practitioners in organizing and implementing PIA projects. This paper also provides an evaluation framework, comprising a comprehensive set of 17 criteria, for PIA practitioners to assess whether PIA methods/guidelines can adequately support requirements of their PIA projects (e.g. special legal framework and needs for PIA project organization guidance).
Originality/value
This research extends PIA guidelines (e.g. ISO 29134) by providing comprehensive and practical guidance to PIA practitioners. The proposed PIA process is based on best practices identified from evaluation of nine commonly used PIA methods, enriched with guidelines from privacy literature, to accommodate gaps and support tasks that were found to be inadequately described or lacking practical guidance.
Keywords
Citation
Vemou, K. and Karyda, M. (2020), "Evaluating privacy impact assessment methods: guidelines and best practice", Information and Computer Security, Vol. 28 No. 1, pp. 35-53. https://doi.org/10.1108/ICS-04-2019-0047
Publisher
:Emerald Publishing Limited
Copyright © 2019, Emerald Publishing Limited