Identification of assets in the process of privacy protection

Authors

  • Matus Ivanco
  • Thomas Lovecek

Keywords:

privacy, identification, assets, processing of personal data, threats, risk

Abstract

Personal data protection is currently a topical issue because of the expected approval of the Personal Protection Act in the Slovak Republic, which will transpose the GDPR. The paper provides guidance on identifying assets and the interrelated or interacting activities connected with the process of identifying, analysing, evaluating, consulting, communicating and planning the treatment of potential privacy impacts with regard to the processing of personally identifiable information, framed within an organization’s broader risk management framework. In the context of a privacy risk management process, personally identifiable information will be considered an asset. For the purposes of this article, the terms and definitions given in ISO/IEC 29100, ISO/IEC 29134, ISO/IEC 27000, ISO/IEC 27005 and ISO Guide 73 will be used.

References

[1] Kampová, K., Loveček, T.: Security systems - Managing security in organization. EDIS publishers, University of Žilina, 2007. ISBN 978-80-554-0615-2.
[2] ISO/IEC 27002:2005 Information technology -- Security techniques -- Code of practice for information security management.
[3] ISO/IEC 27005:2008 Information technology -- Security techniques -- Information security risk management.
[4] ISO/IEC 29100:2011 Information technology -- Security techniques -- Privacy framework.
[5] ISO/IEC 29134:2017 Information technology -- Security techniques -- Guidelines for privacy impact assessment.
[6] Regulation (EU) 2016/679 of the European Parliament and of the Council - Article 94 - Repeal of Directive 95/46/EC.

Published

2018-05-09

Issue

Section

Safety Science (Biztonságtudomány)