Privacy Impact Assessment Template for Provenance

Jenni Reuben, Leonardo A. Martucci, Simone Fischer-Hubner, Heather S. Packer, Hans Hedbom, Luc Moreau
2016 2016 11th International Conference on Availability, Reliability and Security (ARES)  
Provenance data can be expressed as a graph with links informing who and which activities created, used and modified entities. The semantics of these links and domain specific reasoning can support the inference of additional information about the elements in the graph. If such elements include personal identifiers and/or personal identifiable information, then inferences may reveal unexpected links between elements, thus exposing personal data beyond an individual's intentions. Provenance
more » ... s often entangle data relating to multiple individuals. It is therefore a challenge to protect personal data from unintended disclosure in provenance graphs. In this paper, we provide a Privacy Impact Assessment (PIA) template for identifying imminent privacy threats that arise from provenance graphs in an application-agnostic setting. The PIA template identifies privacy threats, lists potential countermeasures, helps to manage personal data protection risks, and maintains compliance with privacy data protection laws and regulations.
doi:10.1109/ares.2016.95 dblp:conf/IEEEares/ReubenMFPHM16 fatcat:psysbk6urvfcrcfevzagof76ay