Privacy Harms

From MgmtWiki
Revision as of 21:29, 17 March 2023 by Tom (talk | contribs) (Taxonomy)

Full Title or Meme

Privacy Harms takes the view of the Subject in a privacy Exploit.

Context

  • Normally the Privacy Risk of any transaction is measured in terms of the risk to the Enterprise that holds the user data.
  • This page is about the risk to the Subject of the data that is disclosed.
  • The Exploit of the Subject's private data can be carried out by any of a variety of entities, including the Entity that acquired the data from the Subject.
  • As in many web transactions, the benefit of the transaction typically accrues to the Enterprise and the cost to the Subject.

Taxonomy

  • Enterprise in this paper means any of (1) the data controller, (2) the data processor, (3) the data issuer, or (4) the attacker, which in this case covers all of the other entities that may benefit from having the Subject's data. (N.B. Some may quibble that the issuer is just another processor, but I believe it is instructive to treat them separately here.)
  • Subject is the natural person that the data is about. (All the harms here are related to natural persons.)
  • Payor is the entity that bears any monetary cost of an exploit. This may be the Subject, the Enterprise, or some third-party payor, such as an insurance company.

Harms

References