To main content

Towards a Privacy Scorecard – Initial Design Exemplified on an Intelligent Transport Systems Service

Abstract

Increasingly many services depend on access to data that are traceable to individuals, the so-called "personally identifiable information" (PII). The ecosystem of PII-dependent services is growing, becoming highly complex and dynamic. As a result, a wide variety of PII is constantly collected, stored, exchanged, and applied by all kinds of services. Practice of PII handling among service providers varies, as does the insight and influence of the end-users on how their own PII is treated. For a user, privacy represents a condition for his/her trust and service adoption. It is moreover essential for a service provider to be able to claim privacy awareness over time. This is particularly important as the new EU privacy regulation is about to become operative, thus enforcing strict privacy requirements on the service providers and giving new rights to the users. In order to preserve user trust and manage the technical and legal privacy requirements, a practically usable support to continu ously and transparently plan and follow-up privacy compliance, is needed. To this end, we propose an initial version of a so-called "Privacy Scorecard", that is, a decision support for a service provider aimed to facilitate identification, specification, measurement and follow-up of fulfilment of privacy goals in a relatively transparent and comprehensible manner. In this position paper, we present initial design and intended usage of the Privacy Scorecard. We also exemplify how it can be applied to a concrete service. The initial findings indicate feasibility of the approach and suggest directions for further work, including refinement of the scorecard design and usage guidelines, tool support for visualization, as well as further empirical evaluation.
Read publication

Category

Academic chapter/article/Conference paper

Language

English

Author(s)

Affiliation

  • SINTEF Digital / Sustainable Communication Technologies
  • SINTEF Digital / Software Engineering, Safety and Security

Year

2017

Publisher

SciTePress

Book

Proceedings of the 3rd International Conference on Information Systems Security and Privacy, Porto, Portugal, 19 - 21 February, 2017

ISBN

978-989-758-209-7

Page(s)

585 - 593

View this publication at Cristin