Privacy Risk Assessment Methodology

Lead Research Organisation: University of Southampton
Department Name: UNLISTED

Abstract

Organisations responsible for data protection must demonstrate that sharing data for research does not put individuals at undue risk of harm. Such harms relate to a person’s right to privacy, for example when someone’s identity is revealed or their data is used unlawfully.
Organisations aim to reduce harm through privacy risk management. Although best practice principles such as the Five Safes are used, there is no standard privacy risk assessment approach. This leaves organisations to make their own choices about acceptable levels of risk and how risks should be managed.
Personal data may be held in many organisations. Often research requires combinations of data e.g., studying patients from hospital to recovery may combine medical data with other data from social care and digital health. With no standard risk assessment approach, it’s hard for multiple organisations to assess and manage risk consistently.
PRiAM aims to deliver a way to assess privacy risks for data managed by multiple organisations. Engaging experts and members of the public in research use cases, a privacy risk assessment framework will be developed and demonstrated using a security decision support tool. The framework and an evaluation of its usability and efficiency will be published to ensure widespread impact.

Technical Summary

The effective use of data is expected to transform society but use of personal data creates privacy risks. Currently privacy risk management is vague, resulting in a variety of Trusted Research Environments with no consistent guidance for privacy risk assessment, mitigation and management. This is challenging for interdisciplinary research where complex health and social care datasets under different domains of control need to be combined. Today’s privacy impact assessment methods are complicated, demanding and not widely used in practice, leading to inconsistent results. A common way of analysing privacy risks is needed to establish effective cross-council research networks and ensure privacy risk can be managed consistently and efficiently.
We aim to lay the foundations for a standard privacy risk assessment framework that can describe and automatically assess privacy risk for safe data federations. The objectives are to 1) define use cases and data patterns for advanced analytics, 2) identify privacy risk factors, 3) define a risk tier classification framework, 4) assess privacy risks for use cases (public health and integrated care) using cyber security risk modelling and simulation, and 5) develop, evaluate and disseminate the framework and lessons learnt through engagement with experts and the public.
The framework for comparative assessment of different privacy risks will provide a reference to enable organisations to assess the overall risk levels. We will then investigate how to extend ISO 27005 information security risk management concepts and processes to privacy risk management. We will investigate important types of privacy risk from the framework (e.g. re-identification); threats that can cause privacy risks (e.g., linking); patterns of assets to identify threats (e.g. aggregation of datasets); environments that affect the likelihood of privacy threats (e.g. environment affecting the risk of re-identification); adversarial conditions (e.g. motivations, capabilities and opportunity); and controls (e.g. homomorphic encryption, parquet encryption, secure enclaves, contracts) that can lower the likelihood of threats occurring or mitigate the impact of the risk.
Three work packages will address user needs, the privacy risk framework and implementation. WP1 “Use Cases, Evaluation & Stakeholder Engagement” will analyse use cases and requirements, conduct evaluation and capture/disseminate lessons learnt to maximise impact. WP2 “Privacy Risk Framework Specification” will identify privacy risk factors and develop the privacy assessment framework.
WP3 “Privacy Risk Modelling & Simulation” will model risk factors and assess use cases using ISO 27005.
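The Technical Summary above lists the building blocks of the intended framework: asset patterns that identify threats, environments and adversarial conditions that shift likelihood, controls that lower likelihood, and a likelihood-versus-impact tier. The following toy model is an added illustration of how those pieces compose in an ISO 27005-style assessment; it is not PRiAM's framework, not the Spyderisk knowledgebase, and every asset type, threat pattern, scale, control effect and cut-off in it is a constructed assumption.

```python
"""Toy ISO 27005-style privacy risk model (constructed illustration).

Not PRiAM's framework or Spyderisk's knowledgebase: the asset pattern,
scales, environment/adversary shifts and control effects are made up
to show how asset patterns -> threats, context -> likelihood,
controls -> lower likelihood and likelihood x impact -> risk tier fit together.
"""
from dataclasses import dataclass
from itertools import combinations

LIKELIHOOD = ["very_low", "low", "medium", "high", "very_high"]

# Environment factors (constructed): a TRE lowers, an open setting raises,
# the likelihood that a threat succeeds.
ENVIRONMENT_STEPS = {"tre": -1, "controlled": 0, "open": 1}

# Adversarial conditions (constructed): motivation, capability and
# opportunity summarised as one likelihood shift.
ADVERSARY_STEPS = {"opportunistic": -1, "motivated": 0, "well_resourced": 1}

# Controls and the likelihood steps each removes from a threat (constructed).
CONTROL_EFFECT = {
    "linking": {"pseudonymisation": 1, "separate_key_custodian": 1},
    "re_identification": {"k_anonymisation": 1, "output_checking": 1, "secure_enclave": 1},
}

# Impact on the data subject if the threat succeeds (constructed).
IMPACT = {"linking": "medium", "re_identification": "high"}


@dataclass(frozen=True)
class Dataset:
    name: str
    environment: str               # name of the Environment holding the dataset
    quasi_identifiers: frozenset
    controls: frozenset = frozenset()


@dataclass(frozen=True)
class Environment:
    name: str
    kind: str                      # key into ENVIRONMENT_STEPS


@dataclass(frozen=True)
class Finding:
    threat: str
    assets: tuple
    likelihood: str
    impact: str
    level: str


def shift(level, steps):
    """Move a likelihood along the ordinal scale, clamped at both ends."""
    i = LIKELIHOOD.index(level) + steps
    return LIKELIHOOD[max(0, min(len(LIKELIHOOD) - 1, i))]


def risk_level(likelihood, impact):
    """Risk tier from a likelihood x impact matrix (constructed cut-offs)."""
    score = LIKELIHOOD.index(likelihood) + LIKELIHOOD.index(impact)
    if score <= 2:
        return "low"
    if score <= 4:
        return "medium"
    if score <= 6:
        return "high"
    return "very_high"


def control_reduction(threat, datasets):
    """Steps removed by controls present on *every* dataset in the group
    (weakest-link rule: a control missing on one side does not help)."""
    common = frozenset.intersection(*(d.controls for d in datasets))
    return sum(CONTROL_EFFECT[threat].get(c, 0) for c in common)


def assess(datasets, environments, adversary):
    """Match the asset pattern for linking, then derive re-identification."""
    env_kind = {e.name: e.kind for e in environments}
    findings = []
    # Asset pattern: two datasets in the same environment sharing at least
    # one quasi-identifier (e.g. postcode and date of birth) can be linked.
    for a, b in combinations(datasets, 2):
        if a.environment != b.environment or not (a.quasi_identifiers & b.quasi_identifiers):
            continue
        steps = (ENVIRONMENT_STEPS[env_kind[a.environment]]
                 + ADVERSARY_STEPS[adversary]
                 - control_reduction("linking", (a, b)))
        link_lik = shift("medium", steps)
        findings.append(Finding("linking", (a.name, b.name), link_lik,
                                IMPACT["linking"], risk_level(link_lik, IMPACT["linking"])))
        # Secondary threat: linking is what enables re-identification, so its
        # likelihood inherits from the linking finding, less its own controls.
        reid_lik = shift(link_lik, -control_reduction("re_identification", (a, b)))
        findings.append(Finding("re_identification", (a.name, b.name), reid_lik,
                                IMPACT["re_identification"],
                                risk_level(reid_lik, IMPACT["re_identification"])))
    return findings


def example_assessment():
    """Constructed federation: two pseudonymised datasets in a TRE and two
    uncontrolled extracts shared openly, assessed against a motivated adversary."""
    environments = [Environment("nhs_tre", "tre"), Environment("partner_share", "open")]
    datasets = [
        Dataset("hospital_episodes", "nhs_tre", frozenset({"postcode", "dob"}),
                frozenset({"pseudonymisation", "k_anonymisation"})),
        Dataset("social_care", "nhs_tre", frozenset({"postcode", "dob"}),
                frozenset({"pseudonymisation"})),
        Dataset("app_export", "partner_share", frozenset({"dob", "device_id"})),
        Dataset("survey", "partner_share", frozenset({"dob"})),
    ]
    return {(f.threat, f.assets): f.level for f in assess(datasets, environments, "motivated")}


if __name__ == "__main__":
    for key, level in example_assessment().items():
        print(key, "->", level)
```

Running the constructed scenario rates linking of the two TRE-held datasets as low (the TRE and shared pseudonymisation each take a likelihood step off), while the same pattern in the open environment comes out high; the re-identification finding derived from the TRE pair still lands at medium because its higher impact outweighs the low likelihood and k-anonymisation is present on only one side, which is exactly the kind of comparison a risk tier classification is meant to surface.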
 
Description Privacy assessment methodology informing the design and delivery of a coordinated and trustworthy national data research infrastructure
Geographic Reach National 
Policy Influence Type Contribution to new or improved professional practice
Impact PRiAM engaged directly with the public in the development of the methodology "UK PRiAM Project D4 Report: Public Engagement: Understanding private individuals' perspectives on privacy and privacy risk" https://zenodo.org/record/7107487#.ZBLPy3bP0uU
URL https://dareuk.org.uk/wp-content/uploads/2022/08/DARE_UK-Paving_the_way_coordinated_national_infrast...
 
Description Foundations of a Trustworthiness Risk Assessment Framework for AI Systems
Amount £130,000 (GBP)
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 11/2022 
End 03/2023
 
Description Synthetic generation of hematological data over federated computing frameworks
Amount € 6,991,961 (EUR)
Funding ID 101095530 
Organisation European Commission 
Sector Public
Country European Union (EU)
Start 12/2022 
End 11/2026
 
Title Spyderisk System Modeller Tool 
Description The Spyderisk System Modeller (SSM) provides a thorough risk assessment of complex systems making use of context and connectivity to take into account the web of attack paths and secondary threat cascades in a system. Spyderisk assists the user in following the risk assessment process defined in ISO 27005 and thus supports the Information Security Management System defined in ISO 27001. The Spyderisk System Modeller is a generic risk assessment tool and must be configured with a model of a domain ("knowledgebase"), containing the available asset types and relations, descriptions of the threats, the possible security controls, and more. 
Type Of Material Improvements to research infrastructure 
Year Produced 2022 
Provided To Others? Yes  
Impact Spyderisk is the result of over 10 years of RTD. The PRiAM project contributed to exploring its use for privacy risk assessment. Spyderisk is now moving towards an open project with the aim of understanding the trustworthiness of socio-technical systems by establishing an international Open Community supporting the research, development, use and support of open, effective, and accessible risk assessment methods, knowledge and tools. Warwick are partners of PRiAM and are now part of the Spyderisk community working together with the University of Southampton. Further impacts are expected going forward as the open project builds. 
URL https://github.com/Spyderisk
 
Description Spyderisk Open Project 
Organisation University of Warwick
Country United Kingdom 
Sector Academic/University 
PI Contribution Spyderisk is the result of over 10 years of RTD. The PRiAM project contributed to exploring its use for privacy risk assessment. Spyderisk is now moving towards an open project with the aim of understanding the trustworthiness of socio-technical systems by establishing an international Open Community supporting the research, development, use and support of open, effective, and accessible risk assessment methods, knowledge and tools. The strategic objectives of the project include:
• Make risk assessment of socio-technical systems open, effective and accessible to all as a public good, free, and easy to use.
• Foster a diverse and inclusive community of users and contributors who offer a meaningful voice and language for socio-technical risk assessment that reflects this diversity.
• Openly share, curate and engineer published machine-readable and explainable knowledge describing socio-technical risks and their causes, effects and controls to manage them.
• Develop effective risk assessment methods and tools co-produced and used by the community to tackle existing and emerging socio-technical risks.
• Ensure project stewardship is conducted openly by diverse and representative stakeholders for public benefit.
We lead the creation of the Spyderisk Open Project.
Collaborator Contribution Warwick are partners of PRiAM and are now part of the Spyderisk community working together with the University of Southampton.
Impact https://github.com/Spyderisk/system-modeller/tree/dev/docs/papers
Start Year 2023
 
Title System Security Modeller 
Description The System Security Modeller (SSM) is a risk management tool for semi-automation of cyber physical risk assessment. PRiAM used the tool for automating privacy risk assessment as described in DARE UK PRiAM Project D3 Report: Privacy Risk Framework Application Guide https://zenodo.org/record/7107466#.ZBLRfnbP0uU 
Type Of Technology Webtool/Application 
Year Produced 2022 
Impact The System Security Modeller (SSM) is currently being open sourced under the brand SPYDERISK and will be available in Spring 2023 
URL https://zenodo.org/record/6656064#.ZBLRHHbP0uU