Assignment: Impact assessment, risk assessment, control selection
Due6 Jun 2018 by
Submittinga text entry box or a file upload
Write a text that analyzes privacy in the previously described InstantONS dating service! Your overall text should not exceed 2000 words! You are allowed to use bullet lists or tables for analysis and discussion.
Please upload your analysis or paste it into the submission form!
Please structure your analysis according to the following structure:
Identify the data controller and the data processors in the InstantONS scenario! (Length: a few lines of text)
Summarize the sources for and types of personal data that are being collected and processed in InstantONS! (Length: A paragraph or two)
From a privacy risk manager perspective, please specify one personal data asset (PDA) from the scenario that you will analyze further in the steps below and describe it! You may use your imagination to identify a likely PDA. (Length: a few paragraphs, not more than 300 words!)
Summarize two risks each for the business and the data subject when your chosen PDA gets compromized (lost, published, abused). You may use Solove's taxonomy of privacy as an inspiration. You should relate the risks to the PDA! (Length: four short paragraphs, ca. 300 words!)
For one of your risks to the data subject: Please summarize the data protection impact of the PDA and the way it is being processed. Write about severity concerning the data subject's life, impact of compromize on society, and expected frequency and magnitude of the compromize! (Length: max. 300 words)
Finally, propose a privacy control that will help to reduce risk and impact. Mention the type of control and describe how you used the privacy control selection criteria in your decision-making. (Length: max. 300 words)
You may write your analysis in Swedish, English, German or Norwegian - however if you use a language other than English please make sure that you refererence the English terminology from the course! Please remember the rules on academic honesty! To show that you understood course materials, please reference them in your written analysis (e.g. reference a catalog of privacy controls that you used to select your controls).
Can't change a rubric once you've started using it.