New Book Helps Organisations to Avoid Privacy Risks

The just-published book, Privacy Impact Assessment, edited by David Wright and Paul de Hert, provides a broad view of the state of the art in mitigating privacy risks. The 523-page book, published by Springer, contains 22 chapters by the leading PIA experts from around the world, including academics, practitioners, regulators and industry, and is the first volume to address the subject.

Virtually all organisations collect, use, process and share personal data from their employees, customers and/or citizens. In doing so, they may be exposing themselves to risks, from threats and vulnerabilities, of that data being breached or compromised by negligent or wayward employees, hackers, the police, intelligence agencies or third-party service providers. A recent study by the Ponemon Institute found that 70 per cent of organisations surveyed had suffered a data breach in the previous year.

Breaches or compromises of personal data can cost an organisation tens of thousands of dollars (or euro or pounds) or more in fines, damage to reputation, market share and consumer trust. A privacy impact assessment (PIA) can help an organisation to avoid or minimise privacy risks.

In his Foreword, surveillance studies and privacy scholar Gary T. Marx says, “This state-of-the-art book describes the most comprehensive tool yet available for policy-makers to evaluate new personal data information technologies before they are introduced.”

The book includes chapters on PIA in Australia, Canada, New Zealand, the United Kingdom and the United States. It has chapters by the chief privacy officers from Nokia, Siemens and Vodafone as well as chapters on specialised PIAs for financial services, radio frequency identification (RFID) tags, surveillance and ethical impact assessment, PIA audits, findings and recommendations.

Nokia says privacy impact assessments have helped “to decrease the risk of financial loss caused by compensation and penalties. They also decrease the risk of damage to reputation, which is the consequence of every privacy incident”. Siemens says PIAs have several advantages for companies, including “avoiding risks to individuals, to the company’s operations and reputation because they support privacy-friendly technologies and behaviour”. And Vodafone says, “One of the benefits of privacy impact assessments is that they can encourage consideration of creative solutions to privacy risks in a way that a rules-based compliance approach does not, e.g., engineering solutions through ‘privacy by design’.”

This book is timely as the European Commission’s proposal for a new Data Protection Regulation would make privacy impact assessments mandatory for any organisation processing “personal data where those processing operations are likely to present specific risks to the rights and freedoms of data subjects”. Examples of such risks arise from a person's performance at work, creditworthiness, economic situation, location, health, personal preferences, reliability or behaviour, sex life, health, race and ethnic origin or for the provision of health care, video surveillance, personal data in large scale filing systems on children, genetic data or biometric data.

The book is available from Springer (http://www.springer.com/law/international/book/978-94-007-2542-3) or from Amazon.

David Wright and Paul de Hert, Privacy Impact Assessment, Springer, Dordrecht, 2012.

Note to editors: If you would like to review the book, please click on “Reserve an Online Book Review Copy” on the above-mentioned web page and then follow the instructions.

For more information:

David Wright, co-editor and author, is Managing Partner of Trilateral Research & Consulting, a London-based partnership specialising in data protection, privacy, risk, surveillance and security issues.

###
