Privacy Risk Assessment Methodology
Lead Research Organisation:
University of Southampton
Department Name: UNLISTED
Abstract
Organisations responsible for data protection must demonstrate that sharing data for research does not put individuals at undue risk of harm. Such harms relate to a person’s right to privacy, for example that someone’s identity is revealed or that their data is used unlawfully.
Organisations aim to reduce harm by privacy risk management. Although best practice principles such as the Five Safes are used, there is no standard privacy risk assessment approach. This leaves organisations to make their own choices about levels of risk and how they should be managed.
Personal data may be held in many organisations. Often research requires combinations of data; for example, studying patients from hospital to recovery may combine medical data with other data from social care and digital health. With no standard risk assessment approach, it is hard for multiple organisations to assess and manage risk consistently.
PRiAM aims to deliver a way to assess privacy risks for data managed by multiple organisations. Engaging experts and members of the public in research use cases, a privacy risk assessment framework will be developed and demonstrated using a security decision support tool. The framework and an evaluation of its usability and efficiency will be published, ensuring widespread impact.
Technical Summary
The effective use of data is expected to transform society but use of personal data creates privacy risks. Currently privacy risk management is vague, resulting in a variety of Trusted Research Environments with no consistent guidance for privacy risk assessment, mitigation and management. This is challenging for interdisciplinary research where complex health and social care datasets under different domains of control need to be combined. Today’s privacy impact assessment methods are complicated, demanding and not widely used in practice, leading to inconsistent results. A common way of analysing privacy risks is needed to establish effective cross-council research networks and ensure privacy risk can be managed consistently and efficiently.
We aim to lay the foundations for a standard privacy risk assessment framework that can describe and automatically assess privacy risk for safe data federations. The objectives are to 1) define use cases and data patterns for advanced analytics, 2) identify privacy risk factors, 3) define a risk tier classification framework, 4) assess privacy risks for use cases (public health and integrated care) using cyber security risk modelling and simulation, and 5) develop, evaluate and disseminate the framework and lessons learnt through engagement with experts and the public.
The framework for comparative assessment of different privacy risks will provide a reference to enable organisations to assess the overall risk levels. We will then investigate how to extend ISO 27005 information security risk management concepts and processes to privacy risk management. We will investigate important types of privacy risk from the framework (e.g. re-identification); threats that can cause privacy risks (e.g., linking); patterns of assets to identify threats (e.g. aggregation of datasets); environments that affect the likelihood of privacy threats (e.g. environment affecting the risk of re-identification); adversarial conditions (e.g. motivations, capabilities and opportunity); and controls (e.g. homomorphic encryption, parquet encryption, secure enclaves, contracts) that can lower the likelihood of threats occurring or mitigate the impact of the risk.
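As an added illustration (not PRiAM's framework, nor Spyderisk's knowledgebase), the following Python sketches how the concepts listed above combine into an ISO 27005-style likelihood × impact assessment: the linking threat over aggregated datasets, the environment, adversary motivation/capability/opportunity, controls that lower likelihood or impact, and a resulting risk tier. All scales, factor weights, control effects, tier thresholds and the sample datasets are constructed assumptions.

```python
from dataclasses import dataclass
# All factors on a qualitative 1 (very low) .. 5 (very high) scale: an assumption in the
# spirit of ISO 27005 likelihood/impact matrices, not PRiAM's or Spyderisk's real scales.

@dataclass(frozen=True)
class Dataset:
    name: str
    quasi_identifiers: frozenset  # attributes an adversary could use to link records
    sensitivity: int              # impact (1..5) if a record is re-identified
@dataclass(frozen=True)
class Adversary:                  # adversarial conditions, each 1..5
    motivation: int
    capability: int
    opportunity: int
# Assumed control effects: the dimension a control acts on and by how many scale steps.
CONTROLS = {"secure_enclave": ("likelihood", 2), "homomorphic_encryption": ("likelihood", 2),
            "data_sharing_contract": ("likelihood", 1), "k_anonymisation": ("impact", 2)}
# Assumed tier thresholds on the score likelihood * impact (maximum 25).
TIERS = [(5, "Tier 1"), (10, "Tier 2"), (16, "Tier 3"), (25, "Tier 4")]

def clamp(v):
    return max(1, min(5, v))

def linking_likelihood(datasets, adv, exposure):
    """Threat 'linking': quasi-identifiers shared across aggregated datasets let an adversary
    join records. Likelihood = adversary profile + aggregation bonus + environment exposure."""
    qis = [set(d.quasi_identifiers) for d in datasets]
    shared = set.intersection(*qis) if len(qis) > 1 else set()
    base = round((adv.motivation + adv.capability + adv.opportunity) / 3)
    aggregation = min(2, len(shared))   # more shared attributes, easier linkage
    environment = exposure - 3          # 1 = locked-down TRE ... 5 = open release
    return clamp(base + aggregation + environment)
def assess(datasets, adv, exposure, controls=()):
    """Return (likelihood, impact, score, tier) for re-identification of the combined datasets."""
    likelihood = linking_likelihood(datasets, adv, exposure)
    impact = max(d.sensitivity for d in datasets)
    for name in controls:
        dimension, steps = CONTROLS[name]
        if dimension == "likelihood":
            likelihood = clamp(likelihood - steps)
        else:
            impact = clamp(impact - steps)
    score = likelihood * impact
    return likelihood, impact, score, next(label for limit, label in TIERS if score <= limit)
# Constructed sample: hospital records combined with social care data on a shared platform.
HOSPITAL = Dataset("hospital", frozenset({"dob", "postcode", "sex"}), sensitivity=5)
SOCIAL_CARE = Dataset("social_care", frozenset({"dob", "postcode", "gp_practice"}), sensitivity=4)
ADVERSARY = Adversary(motivation=4, capability=3, opportunity=2)
UNCONTROLLED = assess([HOSPITAL, SOCIAL_CARE], ADVERSARY, exposure=4)
CONTROLLED = assess([HOSPITAL, SOCIAL_CARE], ADVERSARY, 4, ["secure_enclave", "data_sharing_contract"])
```

Running it shows the same federation moving from Tier 4 uncontrolled to Tier 2 once an enclave and a sharing contract are in place; swapping the constructed weights for an organisation's own agreed scales is the point of having a shared framework.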
Three work packages will address user needs, the privacy risk framework and implementation. WP1 “Use Cases, Evaluation & Stakeholder Engagement” will analyse use cases and requirements, conduct evaluation and capture/disseminate lessons learnt to maximise impact. WP2 “Privacy Risk Framework Specification” will identify privacy risk factors and develop the privacy assessment framework.
WP3 “Privacy Risk Modelling & Simulation” will model risk factors and assess use cases using ISO 27005.
Publications
Description | Privacy assessment methodology informing the design and delivery of a coordinated and trustworthy national data research infrastructure |
Geographic Reach | National |
Policy Influence Type | Contribution to new or improved professional practice |
Impact | PRiAM engaged directly with the public in the development of the methodology "UK PRiAM Project D4 Report: Public Engagement: Understanding private individuals' perspectives on privacy and privacy risk" https://zenodo.org/record/7107487#.ZBLPy3bP0uU |
URL | https://dareuk.org.uk/wp-content/uploads/2022/08/DARE_UK-Paving_the_way_coordinated_national_infrast... |
Description | Foundations of a Trustworthiness Risk Assessment Framework for AI Systems |
Amount | £130,000 (GBP) |
Organisation | Engineering and Physical Sciences Research Council (EPSRC) |
Sector | Public |
Country | United Kingdom |
Start | 11/2022 |
End | 03/2023 |
Description | Synthetic generation of hematological data over federated computing frameworks |
Amount | € 6,991,961 (EUR) |
Funding ID | 101095530 |
Organisation | European Commission |
Sector | Public |
Country | European Union (EU) |
Start | 12/2022 |
End | 11/2026 |
Title | Spyderisk System Modeller Tool |
Description | The Spyderisk System Modeller (SSM) provides a thorough risk assessment of complex systems making use of context and connectivity to take into account the web of attack paths and secondary threat cascades in a system. Spyderisk assists the user in following the risk assessment process defined in ISO 27005 and thus supports the Information Security Management System defined in ISO 27001. The Spyderisk System Modeller is a generic risk assessment tool and must be configured with a model of a domain ("knowledgebase"), containing the available asset types and relations, descriptions of the threats, the possible security controls, and more. |
Type Of Material | Improvements to research infrastructure |
Year Produced | 2022 |
Provided To Others? | Yes |
Impact | Spyderisk is the result of over 10 years of RTD. The PRiAM project contributed to exploring its use for privacy risk assessment. Spyderisk is now moving towards an open project with the aim to understand the trustworthiness of socio-technical systems by establishing an international Open Community supporting the research, development, use and support of open, effective, and accessible risk assessment methods, knowledge and tools. The strategic objectives of the project include: Warwick are partners of PRiAM and are now part of the Spyderisk community working together with the University of Southampton. Further impacts are expected going forward as the open project builds. |
URL | https://github.com/Spyderisk |
Description | Spyderisk Open Project |
Organisation | University of Warwick |
Country | United Kingdom |
Sector | Academic/University |
PI Contribution | Spyderisk is the result of over 10 years of RTD. The PRiAM project contributed to exploring its use for privacy risk assessment. Spyderisk is now moving towards an open project with the aim to understand the trustworthiness of socio-technical systems by establishing an international Open Community supporting the research, development, use and support of open, effective, and accessible risk assessment methods, knowledge and tools. The strategic objectives of the project include: • Make risk assessment of socio-technical systems open, effective and accessible to all as a public good, free, and easy to use. • Foster a diverse and inclusive community of users and contributors who offer a meaningful voice and language for socio-technical risk assessment that reflects this diversity. • Openly share, curate and engineer published machine-readable and explainable knowledge describing socio-technical risks and their causes, effects and controls to manage them. • Develop effective risk assessment methods and tools co-produced and used by the community to tackle existing and emerging socio-technical risks. • Ensure project stewardship is conducted openly by diverse and representative stakeholders for public benefit. We lead the creation of the Spyderisk Open Project. |
Collaborator Contribution | Warwick are partners of PRiAM and are now part of the Spyderisk community working together with the University of Southampton. |
Impact | https://github.com/Spyderisk/system-modeller/tree/dev/docs/papers |
Start Year | 2023 |
Title | System Security Modeller |
Description | The System Security Modeller (SSM) is a risk management tool for semi-automation of cyber physical risk assessment. PRiAM used the tool for automating privacy risk assessment as described in DARE UK PRiAM Project D3 Report: Privacy Risk Framework Application Guide https://zenodo.org/record/7107466#.ZBLRfnbP0uU |
Type Of Technology | Webtool/Application |
Year Produced | 2022 |
Impact | The System Security Modeller (SSM) is currently being open sourced under the brand SPYDERISK and will be available Spring 23 |
URL | https://zenodo.org/record/6656064#.ZBLRHHbP0uU |