I: Privacy Risk Models and Frameworks

Question 1

Nissenbaum’s contextual integrity

Answer 1

Maintaining personal information in alignment with the norms (usually domain-specific) that apply to a particular context.

Risk occurs when those norms are violated.

Question 2

Calo’s harm dimensions

Answer 2

Concept of objective and subject harm.

Question 3

Objective Harm

Answer 3

Measurable and observable harms that occur when privacy has been violated. Think of objective harm like “battery.”

Question 4

Subjective Harm

Answer 4

Expected or perceived harm. It causes harm and anxiety, and can be thought of as “assault” (since it’s the expectation of harm).

Question 5

Legal Compliance

Answer 5

Compliance regulations impact how data is collected, used, stored and destroyed. Risks are caused by:

• the failure to do what is required
• the failure to avoid what is prohibited

Question 6

FIPPs (Fair Information Practice Principles)

Answer 6

Mandates:

• Notice, choice and consent
• Access
• Controls
• How information is managed

Question 7

NIST framework (National Institute of Standards and Technology)

Answer 7

Provides standards and guidelines for managing cybersecurity-related risks.

NIST frameworks include:

• Risk Management Framework
• Cybersecurity Framework
• Privacy Framework

Question 8

NICE framework (National Initiative for Cybersecurity Education)

Answer 8

Published by NIST, it categorizes and describes cybersecurity work. It establishes a common terminology and is intended to be cross-sectoral.

Question 9

FAIR (Factors Analysis in Information Risk)

Answer 9

Breaks risk up into constituent parts. Goal is not to eliminate risk, but make it more defensible.

Risk is broken in “frequency of action” and “magnitude of violations.”