CR Sep 12, 2017

Privacy Risk Assessment: From Art to Science, By Metrics

arXiv:1709.03776v2 30 citations
AI Analysis

This paper addresses the need for more accurate and reliable privacy risk assessments to enhance privacy protections in various applications, though it appears incremental, as it builds on existing concepts.

The paper tackles the problem of quantifying privacy risk in systems by moving from subjective assessments to a scientific approach, proposing a method that decomposes and quantifies impact and likelihood with meaningful metrics.

Privacy risk assessments aim to analyze and quantify the privacy risks associated with new systems. As such, they are critically important in ensuring that adequate privacy protections are built in. However, current methods to quantify privacy risk rely heavily on experienced analysts picking the "correct" risk level on e.g. a five-point scale. In this paper, we argue that a more scientific quantification of privacy risk increases accuracy and reliability and can thus make it easier to build privacy-friendly systems. We discuss how the impact and likelihood of privacy violations can be decomposed and quantified, and stress the importance of meaningful metrics and units of measurement. We suggest a method of quantifying and representing privacy risk that considers a collection of factors as well as a variety of contexts and attacker models. We conclude by identifying some of the major research questions to take this approach further in a variety of application scenarios.
