Abstract
Data protection has long relied on risk management as a critical tool for ensuring that data are processed appropriately and that the fundamental rights of individuals are protected effectively.
Risk management is an explicit requirement of many data protection laws. For example, the 1988 US Computer Matching and Privacy Protection Act requires government agencies to perform a cost–benefit analysis of proposed data matching.1 Security breach notification laws often link notice to an assessment of the risk to individuals posed by the breached information. As the Article 29 Data Protection Working Party has noted, for notification to be effective ‘it is important to have an appropriate risk management framework in place …’.2 And risk management is the goal of Privacy Impact Assessments.
Original language | English |
---|---|
Pages (from-to) | 95-98 |
Number of pages | 4 |
Journal | International Data Privacy Law |
Volume | 5 |
Issue number | 2 |
Publication status | Published - 12 May 2015 |