The University of Southampton
University of Southampton Institutional Repository

Fuzzy-based approach to assess and prioritize privacy risks

Fuzzy-based approach to assess and prioritize privacy risks
Fuzzy-based approach to assess and prioritize privacy risks

The new general data protection regulation requires organizations to conduct a data protection impact assessment (DPIA) when the processing of personal information may result in high risk to individual rights and freedoms. DPIA allows organizations to identify, assess and prioritize the risks related to the processing of personal information and select suitable mitigations to reduce the severity of the risks. The existing DPIA methodologies measure the severity of privacy risks according to analysts’ opinions about the likelihood and the impact factors of the threats. The assessment is therefore subjective to the expertise of the analysts. To reduce subjectivity, we propose a set of well-defined criteria that analysts can use to measure the likelihood and the impact of a privacy risk. Then, we adopt the fuzzy multi-criteria decision-making approach to systematically measure the severity of privacy risks while modeling the imprecision and vagueness inherent in linguistic assessment. Our approach is illustrated for a realistic scenario with respect to LINDDUN threat categories.

Fuzzy set theory, Privacy risk assessment, Privacy risks
1432-7643
1-11
Hart, Stephen
43396380-899f-44e0-86c3-3aa10aae993c
Ferrara, Anna Lisa
6bc9ff9b-aa7d-4124-8de1-73aeda822d7e
Paci, Federica
9fbf3e5b-ae03-40e8-a75a-3657cbc9216e
Hart, Stephen
43396380-899f-44e0-86c3-3aa10aae993c
Ferrara, Anna Lisa
6bc9ff9b-aa7d-4124-8de1-73aeda822d7e
Paci, Federica
9fbf3e5b-ae03-40e8-a75a-3657cbc9216e

Hart, Stephen, Ferrara, Anna Lisa and Paci, Federica (2019) Fuzzy-based approach to assess and prioritize privacy risks. Soft Computing, 1-11. (doi:10.1007/s00500-019-03986-5).

Record type: Article

Abstract

The new general data protection regulation requires organizations to conduct a data protection impact assessment (DPIA) when the processing of personal information may result in high risk to individual rights and freedoms. DPIA allows organizations to identify, assess and prioritize the risks related to the processing of personal information and select suitable mitigations to reduce the severity of the risks. The existing DPIA methodologies measure the severity of privacy risks according to analysts’ opinions about the likelihood and the impact factors of the threats. The assessment is therefore subjective to the expertise of the analysts. To reduce subjectivity, we propose a set of well-defined criteria that analysts can use to measure the likelihood and the impact of a privacy risk. Then, we adopt the fuzzy multi-criteria decision-making approach to systematically measure the severity of privacy risks while modeling the imprecision and vagueness inherent in linguistic assessment. Our approach is illustrated for a realistic scenario with respect to LINDDUN threat categories.

Full text not available from this repository.

More information

e-pub ahead of print date: 15 April 2019
Keywords: Fuzzy set theory, Privacy risk assessment, Privacy risks

Identifiers

Local EPrints ID: 432809
URI: http://eprints.soton.ac.uk/id/eprint/432809
ISSN: 1432-7643
PURE UUID: ffd098fb-bc04-4095-85db-a5f2e9b0a40b
ORCID for Federica Paci: ORCID iD orcid.org/0000-0003-3122-0236

Catalogue record

Date deposited: 26 Jul 2019 16:30
Last modified: 15 Sep 2021 02:04

Export record

Altmetrics

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×