Risk management in data protection

Christopher Kuner, Fred H Cate, Christopher Millard, Dan Jerker B Svantesson, Orla Lynskey

Research output: Contribution to journalEditorialResearch

15 Citations (Scopus)


Data protection has long relied on risk management as a critical tool for ensuring that data are processed appropriately and that the fundamental rights of individuals are protected effectively.

Risk management is an explicit requirement of many data protection laws. For example, the 1988 US Computer Matching and Privacy Protection Act requires government agencies to perform a cost–benefit analysis of proposed data matching.1 Security breach notification laws often link notice to an assessment of the risk to individuals posed by the breached information. As the Article 29 Data Protection Working Party has noted, for notification to be effective ‘it is important to have an appropriate risk management framework in place …’.2 And risk management is the goal of Privacy Impact Assessments.
Original languageEnglish
Pages (from-to)95-98
Number of pages4
JournalInternational Data Privacy Law
Issue number2
Publication statusPublished - 12 May 2015


Dive into the research topics of 'Risk management in data protection'. Together they form a unique fingerprint.

Cite this