Towards Legal Privacy Risk Assessment and Specification

  • Ebenezer Paintsil

Publication details

This article focuses on privacy risk assessment from a legal perspective. We focus on how to estimate legal privacy risk with legal norms instead of quantitative values. We explain the role of normative values in legal risk assessment and introduce a specification for legal privacy risk using a modal language. We examine the difference between legal privacy risk assessment and Information Technology (IT) security risk assessment. IT security risk assessment supports the decision-making processes of system stakeholders - individuals, managers, groups or organizations. It supports both quantitative and qualitative risk analyses and may rely on the knowledge of security experts to estimate the risk. The application of an IT security risk assessment method for legal privacy risk assessment may lead to poor communication and high uncertainties in the risk estimation because legal reasoning is based on normative values and requires legal knowledge. This article proposes legal privacy risk assessment in the knowledge domain of a legal risk assessor.