Risk management in data protection

Christopher Kuner, Fred H Cate, Christopher Millard, Dan Jerker B Svantesson, Orla Lynskey

Research output: Contribution to journalEditorialResearch

Abstract

Data protection has long relied on risk management as a critical tool for ensuring that data are processed appropriately and that the fundamental rights of individuals are protected effectively.

Risk management is an explicit requirement of many data protection laws. For example, the 1988 US Computer Matching and Privacy Protection Act requires government agencies to perform a cost–benefit analysis of proposed data matching.1 Security breach notification laws often link notice to an assessment of the risk to individuals posed by the breached information. As the Article 29 Data Protection Working Party has noted, for notification to be effective ‘it is important to have an appropriate risk management framework in place …’.2 And risk management is the goal of Privacy Impact Assessments.
Original languageEnglish
Pages (from-to)95-98
Number of pages3
JournalInternational Data Privacy Law
Volume5
Issue number2
DOIs
Publication statusPublished - 12 May 2015

Fingerprint

Risk management
Data protection
Privacy
Government agencies
Cost-benefit analysis
Breach
Impact assessment

Cite this

Kuner, Christopher ; Cate, Fred H ; Millard, Christopher ; Svantesson, Dan Jerker B ; Lynskey, Orla. / Risk management in data protection. In: International Data Privacy Law. 2015 ; Vol. 5, No. 2. pp. 95-98.
@article{b760a34c2cf54a3c9f0e0a50f400089f,
title = "Risk management in data protection",
abstract = "Data protection has long relied on risk management as a critical tool for ensuring that data are processed appropriately and that the fundamental rights of individuals are protected effectively.Risk management is an explicit requirement of many data protection laws. For example, the 1988 US Computer Matching and Privacy Protection Act requires government agencies to perform a cost–benefit analysis of proposed data matching.1 Security breach notification laws often link notice to an assessment of the risk to individuals posed by the breached information. As the Article 29 Data Protection Working Party has noted, for notification to be effective ‘it is important to have an appropriate risk management framework in place …’.2 And risk management is the goal of Privacy Impact Assessments.",
author = "Christopher Kuner and Cate, {Fred H} and Christopher Millard and Svantesson, {Dan Jerker B} and Orla Lynskey",
year = "2015",
month = "5",
day = "12",
doi = "10.1093/idpl/ipv005",
language = "English",
volume = "5",
pages = "95--98",
journal = "International Data Privacy Law",
issn = "2044-3994",
publisher = "Oxford University Press",
number = "2",

}

Kuner, C, Cate, FH, Millard, C, Svantesson, DJB & Lynskey, O 2015, 'Risk management in data protection' International Data Privacy Law, vol. 5, no. 2, pp. 95-98. https://doi.org/10.1093/idpl/ipv005

Risk management in data protection. / Kuner, Christopher; Cate, Fred H; Millard, Christopher; Svantesson, Dan Jerker B; Lynskey, Orla.

In: International Data Privacy Law, Vol. 5, No. 2, 12.05.2015, p. 95-98.

Research output: Contribution to journalEditorialResearch

TY - JOUR

T1 - Risk management in data protection

AU - Kuner, Christopher

AU - Cate, Fred H

AU - Millard, Christopher

AU - Svantesson, Dan Jerker B

AU - Lynskey, Orla

PY - 2015/5/12

Y1 - 2015/5/12

N2 - Data protection has long relied on risk management as a critical tool for ensuring that data are processed appropriately and that the fundamental rights of individuals are protected effectively.Risk management is an explicit requirement of many data protection laws. For example, the 1988 US Computer Matching and Privacy Protection Act requires government agencies to perform a cost–benefit analysis of proposed data matching.1 Security breach notification laws often link notice to an assessment of the risk to individuals posed by the breached information. As the Article 29 Data Protection Working Party has noted, for notification to be effective ‘it is important to have an appropriate risk management framework in place …’.2 And risk management is the goal of Privacy Impact Assessments.

AB - Data protection has long relied on risk management as a critical tool for ensuring that data are processed appropriately and that the fundamental rights of individuals are protected effectively.Risk management is an explicit requirement of many data protection laws. For example, the 1988 US Computer Matching and Privacy Protection Act requires government agencies to perform a cost–benefit analysis of proposed data matching.1 Security breach notification laws often link notice to an assessment of the risk to individuals posed by the breached information. As the Article 29 Data Protection Working Party has noted, for notification to be effective ‘it is important to have an appropriate risk management framework in place …’.2 And risk management is the goal of Privacy Impact Assessments.

U2 - 10.1093/idpl/ipv005

DO - 10.1093/idpl/ipv005

M3 - Editorial

VL - 5

SP - 95

EP - 98

JO - International Data Privacy Law

JF - International Data Privacy Law

SN - 2044-3994

IS - 2

ER -