IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v12y2020i5p93-d362400.html
   My bibliography  Save this article

DPIA in Context: Applying DPIA to Assess Privacy Risks of Cyber Physical Systems

Author

Listed:
  • Jane Henriksen-Bulmer

    (Department of Computing & Informatics, Bournemouth University, Fern Barrow, Poole BH12 5BB, UK
    These authors contributed equally to this work.)

  • Shamal Faily

    (Department of Computing & Informatics, Bournemouth University, Fern Barrow, Poole BH12 5BB, UK
    These authors contributed equally to this work.)

  • Sheridan Jeary

    (Department of Computing & Informatics, Bournemouth University, Fern Barrow, Poole BH12 5BB, UK)

Abstract

Cyber Physical Systems (CPS) seamlessly integrate physical objects with technology, thereby blurring the boundaries between the physical and virtual environments. While this brings many opportunities for progress, it also adds a new layer of complexity to the risk assessment process when attempting to ascertain what privacy risks this might impose on an organisation. In addition, privacy regulations, such as the General Data Protection Regulation (GDPR), mandate assessment of privacy risks, including making Data Protection Impact Assessments (DPIAs) compulsory. We present the DPIA Data Wheel, a holistic privacy risk assessment framework based on Contextual Integrity (CI), that practitioners can use to inform decision making around the privacy risks of CPS. This framework facilitates comprehensive contextual inquiry into privacy risk, that accounts for both the elicitation of privacy risks, and the identification of appropriate mitigation strategies. Further, by using this DPIA framework we also provide organisations with a means of assessing privacy from both the perspective of the organisation and the individual, thereby facilitating GDPR compliance. We empirically evaluate this framework in three different real-world settings. In doing so, we demonstrate how CI can be incorporated into the privacy risk decision-making process in a usable, practical manner that will aid decision makers in making informed privacy decisions.

Suggested Citation

  • Jane Henriksen-Bulmer & Shamal Faily & Sheridan Jeary, 2020. "DPIA in Context: Applying DPIA to Assess Privacy Risks of Cyber Physical Systems," Future Internet, MDPI, vol. 12(5), pages 1-23, May.
  • Handle: RePEc:gam:jftint:v:12:y:2020:i:5:p:93-:d:362400
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/12/5/93/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/12/5/93/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Millar, Annie & Simeone, Ronald S. & Carnevale, John T., 2001. "Logic models: a systems tool for performance management," Evaluation and Program Planning, Elsevier, vol. 24(1), pages 73-81, February.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Dimitrios Papamartzivanos & Sofia Anna Menesidou & Panagiotis Gouvas & Thanassis Giannetsos, 2021. "A Perfect Match: Converging and Automating Privacy and Security Impact Assessment On-the-Fly," Future Internet, MDPI, vol. 13(2), pages 1-34, January.
    2. Jane Henriksen-Bulmer & Cagatay Yucel & Shamal Faily & Ioannis Chalkias, 2022. "Privacy Goals for the Data Lifecycle," Future Internet, MDPI, vol. 14(11), pages 1-25, October.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Fielden, Sarah J. & Rusch, Melanie L. & Masinda, Mambo Tabu & Sands, Jim & Frankish, Jim & Evoy, Brian, 2007. "Key considerations for logic model development in research partnerships: A Canadian case study," Evaluation and Program Planning, Elsevier, vol. 30(2), pages 115-124, May.
    2. Ebenso, Bassey & Manzano, Ana & Uzochukwu, Benjamin & Etiaba, Enyi & Huss, Reinhard & Ensor, Tim & Newell, James & Onwujekwe, Obinna & Ezumah, Nkoli & Hicks, Joe & Mirzoev, Tolib, 2019. "Dealing with context in logic model development: Reflections from a realist evaluation of a community health worker programme in Nigeria," Evaluation and Program Planning, Elsevier, vol. 73(C), pages 97-110.
    3. Peyton, David J. & Scicchitano, Michael, 2017. "Devil is in the details: Using logic models to investigate program process," Evaluation and Program Planning, Elsevier, vol. 65(C), pages 156-162.
    4. Roberts, Jennifer & Winter, Karen & Connolly, Paul, 2017. "The Letterbox Club book gifting intervention: Findings from a qualitative evaluation accompanying a randomised controlled trial," Children and Youth Services Review, Elsevier, vol. 73(C), pages 467-473.
    5. Wu, Huang & Shen, Jianping & Jones, Jeffrey & Gao, Xingyuan & Zheng, Yunzheng & Krenn, Huilan Y., 2019. "Using logic model and visualization to conduct portfolio evaluation," Evaluation and Program Planning, Elsevier, vol. 74(C), pages 69-75.
    6. Vinícius P. Rodrigues & Daniela C. A. Pigosso & Jakob W. Andersen & Tim C. McAloone, 2018. "Evaluating the Potential Business Benefits of Ecodesign Implementation: A Logic Model Approach," Sustainability, MDPI, vol. 10(6), pages 1-26, June.
    7. Petchprakai Sirilertsuwan & Sébastien Thomassey & Xianyi Zeng, 2020. "A Strategic Location Decision-Making Approach for Multi-Tier Supply Chain Sustainability," Sustainability, MDPI, vol. 12(20), pages 1-37, October.
    8. Kaplan, Sue A. & Garrett, Katherine E., 2005. "The use of logic models by community-based initiatives," Evaluation and Program Planning, Elsevier, vol. 28(2), pages 167-172, May.
    9. Park, Chul Hyun & Welch, Eric W. & Sriraj, P.S., 2016. "An integrative theory-driven framework for evaluating travel training programs," Evaluation and Program Planning, Elsevier, vol. 59(C), pages 7-20.
    10. George M Ibrahim & David W Cadotte & Mark Bernstein, 2015. "A Framework for the Monitoring and Evaluation of International Surgical Initiatives in Low- and Middle-Income Countries," PLOS ONE, Public Library of Science, vol. 10(3), pages 1-14, March.
    11. Sherman, Paul David, 2016. "Using RUFDATA to guide a logic model for a quality assurance process in an undergraduate university program," Evaluation and Program Planning, Elsevier, vol. 55(C), pages 112-119.
    12. Scarinci, Isabel C. & Johnson, Rhoda E. & Hardy, Claudia & Marron, John & Partridge, Edward E., 2009. "Planning and implementation of a participatory evaluation strategy: A viable approach in the evaluation of community-based participatory programs addressing cancer disparities," Evaluation and Program Planning, Elsevier, vol. 32(3), pages 221-228, August.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:12:y:2020:i:5:p:93-:d:362400. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.