Published by Addison-Wesley Professional (May 28, 2019) © 2020
William Stallings
The Comprehensive Guide to Engineering and Implementing Privacy Best Practices
As systems grow more complex and cybersecurity attacks more relentless, safeguarding privacy is ever more challenging. Organizations are increasingly responding in two ways, and both are mandated by key standards such as GDPR and ISO/IEC 27701:2019. The first approach, privacy by design, aims to embed privacy throughout the design and architecture of IT systems and business practices. The second, privacy engineering, encompasses the technical capabilities and management processes needed to implement, deploy, and operate privacy features and controls in working systems.
In Information Privacy Engineering and Privacy by Design, internationally renowned IT consultant and author William Stallings brings together the comprehensive knowledge privacy executives and engineers need to apply both approaches. Using the techniques he presents, IT leaders and technical professionals can systematically anticipate and respond to a wide spectrum of privacy requirements, threats, and vulnerabilities—addressing regulations, contractual commitments, organizational policies, and the expectations of their key stakeholders.
• Review privacy-related essentials of information security and cryptography
• Understand the concepts of privacy by design and privacy engineering
• Use modern system access controls and security countermeasures to partially satisfy privacy requirements
• Enforce database privacy via anonymization and de-identification
• Prevent data losses and breaches
• Address privacy issues related to cloud computing and IoT
• Establish effective information privacy management, from governance and culture to audits and impact assessment
• Respond to key privacy rules including GDPR, U.S. federal law, and the California Consumer Privacy Act
This guide will be an indispensable resource for anyone with privacy responsibilities in any organization, and for all students studying the privacy aspects of cybersecurity.
As systems grow more complex and cybersecurity attacks more relentless, safeguarding privacy is ever more challenging. Organizations are increasingly responding in two ways, and both are mandated by key standards such as GDPR and ISO/IEC 27701:2019. The first approach, privacy by design, aims to embed privacy throughout the design and architecture of IT systems and business practices. The second, privacy engineering, encompasses the technical capabilities and management processes needed to implement, deploy, and operate privacy features and controls in working systems.
In Information Privacy Engineering and Privacy by Design, internationally renowned IT consultant and author William Stallings brings together the comprehensive knowledge privacy executives and engineers need to apply both approaches. Using the techniques he presents, IT leaders and technical professionals can systematically anticipate and respond to a wide spectrum of privacy requirements, threats, and vulnerabilities—addressing regulations, contractual commitments, organizational policies, and the expectations of their key stakeholders.
• Review privacy-related essentials of information security and cryptography
• Understand the concepts of privacy by design and privacy engineering
• Use modern system access controls and security countermeasures to partially satisfy privacy requirements
• Enforce database privacy via anonymization and de-identification
• Prevent data losses and breaches
• Address privacy issues related to cloud computing and IoT
• Establish effective information privacy management, from governance and culture to audits and impact assessment
• Respond to key privacy rules including GDPR, U.S. federal law, and the California Consumer Privacy Act
This guide will be an indispensable resource for anyone with privacy responsibilities in any organization, and for all students studying the privacy aspects of cybersecurity.
Preface xxii
PART I: OVERVIEW 1
Chapter 1: Security and Cryptography Concepts 2
1.1 Cybersecurity, Information Security, and Network Security 2
Security Objectives 3
The Challenges of Information Security 5
1.2 Security Attacks 6
Passive Attacks 8
Active Attacks 8
1.3 Security Services 10
Authentication 10
Access Control 11
Data Confidentiality 11
Data Integrity 11
Nonrepudiation 12
Availability Service 12
1.4 Security Mechanisms 12
1.5 Cryptographic Algorithms 13
Keyless Algorithms 14
Single-Key Algorithms 14
Two-Key Algorithms 15
1.6 Symmetric Encryption 15
1.7 Asymmetric Encryption 17
1.8 Cryptographic Hash Functions 20
1.9 Digital Signatures 22
1.10 Practical Considerations 23
Selection of Cryptographic Algorithms and Key Lengths 23
Implementation Considerations 24
Lightweight Cryptographic Algorithms 24
Post-Quantum Cryptographic Algorithms 25
1.11 Public-Key Infrastructure 25
Public-Key Certificates 25
PKI Architecture 27
1.12 Network Security 29
Communications Security 29
Device Security 30
1.13 Key Terms and Review Questions 30
Key Terms 30
Review Questions 31
1.14 References 31
Chapter 2: Information Privacy Concepts 32
2.1 Key Privacy Terminology 32
2.2 Privacy by Design 35
Privacy by Design Principles 35
Requirements and Policy Development 37
Privacy Risk Assessment 37
Privacy and Security Control Selection 39
Privacy Program and Integration Plan 40
2.3 Privacy Engineering 41
Privacy Implementation 44
System Integration 44
Privacy Testing and Evaluation 45
Privacy Auditing and Incident Response 45
2.4 Privacy and Security 46
Areas of Overlap Between Security and Privacy 46
Trade-Offs Between Security and Privacy 48
2.5 Privacy Versus Utility 48
2.6 Usable Privacy 49
Users of Privacy Services and Functions 50
Usability and Utility 50
2.7 Key Terms and Review Questions 50
Key Terms 50
Review Questions 51
2.8 References 51
PART II: PRIVACY REQUIREMENTS AND THREATS 53
Chapter 3: Information Privacy Requirements and Guidelines 54
3.1 Personally Identifiable Information and Personal Data 55
Sources of PII 57
Sensitivity of PII 58
3.2 Personal Information That Is Not PII 59
3.3 Fair Information Practice Principles 63
3.4 Privacy Regulations 66
European Union 66
U.S. Privacy Laws and Regulations 67
3.5 Privacy Standards 68
International Organization for Standardization (ISO) 69
National Institute of Standards and Technology 77
3.6 Privacy Best Practices 88
Information Security Forum (ISF) 88
Cloud Security Alliance (CSA) 90
3.7 Key Terms and Review Questions 91
Key Terms 91
Review Questions 91
3.8 References 92
Chapter 4: Information Privacy Threats and Vulnerabilities 94
4.1 The Evolving Threat Environment 95
Overall Impact of Advances in Technology 95
Repurposing Collected Data 96
Means of Collection of PII 96
4.2 Privacy Threat Taxonomy 97
Information Collection 98
Information Processing 98
Information Dissemination 98
Invasions 99
4.3 NIST Threat Model 100
4.4 Threat Sources 105
4.5 Identifying Threats 106
4.6 Privacy Vulnerabilities 108
Vulnerability Categories 108
Location of Privacy Vulnerabilities 109
National Vulnerability Database and Common Vulnerability Scoring System 110
4.7 Key Terms and Review Questions 114
Key Terms 114
Review Questions 115
4.8 References 116
PART III: TECHNICAL SECURITY CONTROLS FOR PRIVACY 117
Chapter 5: System Access 118
5.1 System Access Concepts 119
Privileges 119
System Access Functions 120
Privacy Considerations for System Access 121
5.2 Authorization 122
Privacy Authorization 123
5.3 User Authentication 124
Means of Authentication 125
Multifactor Authentication 126
A Model for Electronic User Authentication 127
5.4 Access Control 129
Subjects, Objects, and Access Rights 130
Access Control Policies 131
Discretionary Access Control 131
Role-Based Access Control 133
Attribute-Based Access Control 135
5.5 Identity and Access Management 140
IAM Architecture 140
Federated Identity Management 142
5.6 Key Terms and Review Questions 144
Key Terms 144
Review Questions 145
5.7 Reference 145
Chapter 6: Malicious Software and Intruders 146
6.1 Malware Protection Activities 147
Types of Malware 147
The Nature of the Malware Threat 149
Practical Malware Protection 150
6.2 Malware Protection Software 153
Capabilities of Malware Protection Software 153
Managing Malware Protection Software 154
6.3 Firewalls 155
Firewall Characteristics 155
Types of Firewalls 156
Next-Generation Firewalls 163
DMZ Networks 164
The Modern IT Perimeter 165
6.4 Intrusion Detection 166
Basic Intrusion Detection Principles 167
Approaches to Intrusion Detection 167
Host-Based Intrusion Detection Techniques 169
Network-Based Intrusion Detection Systems 169
IDS Best Practices 171
6.5 Key Terms and Review Questions 172
Key Terms 172
Review Questions 173
6.6 References 174
PART IV: PRIVACY ENHANCING TECHNOLOGIES 175
Chapter 7: Privacy in Databases 176
7.1 Basic Concepts 178
Personal Data Attributes 179
Types of Data Files 180
7.2 Re-Identification Attacks 183
Types of Attacks 184
Potential Attackers 186
Disclosure Risks 186
Applicability to Privacy Threats 187
7.3 De-Identification of Direct Identifiers 188
Anonymization 189
Pseudonymization 189
7.4 De-Identification of Quasi-Identifiers in Microdata Files 190
Privacy-Preserving Data Publishing 192
Disclosure Risk Versus Data Utility 193
PPDP Techniques 194
7.5 K-Anonymity, L-Diversity, and T-Closeness 196
K-Anonymity 196
L-Diversity 198
T-Closeness 199
7.6 Summary Table Protection 199
Frequency Tables 200
Magnitude Tables 203
7.7 Privacy in Queryable Databases 204
Privacy Threats 205
Protecting Queryable Databases 206
7.8 Key Terms and Review Questions 211
Key Terms 211
Review Questions 212
7.9 References 212
Chapter 8: Online Privacy 214
8.1 The Online Ecosystem for Personal Data 215
8.2 Web Security and Privacy 217
Web Server Security and Privacy 218
Web Application Security and Privacy 219
Web Browser Security and Privacy 222
8.3 Mobile App Security 224
Mobile Ecosystem 224
Mobile Device Vulnerabilities 225
BYOD Policies 227
Mobile Application Vetting 229
Resources for Mobile Device Security 230
8.4 Online Privacy Threats 231
Web Application Privacy 231
Mobile App Privacy 232
8.5 Online Privacy Requirements 234
Online Privacy Principles 234
Online Privacy Framework 236
Simplified Consumer Choice 241
Transparency of Data Practices 241
8.6 Privacy Notices 242
Notice Requirements 243
Notice Content 243
Notice Structure 246
Mobile App Privacy Notices 246
Privacy Notice Design Space 248
8.7 Tracking 250
Cookies 250
Other Tracking Technologies 253
Do Not Track 254
8.8 Key Terms and Review Questions 254
Key Terms 254
Review Questions 255
8.9 References 255
Chapter 9: Other PET Topics 258
9.1 Data Loss Prevention 258
Data Classification and Identification 259
Data States 260
DLP for Email 262
DLP Model 263
9.2 The Internet of Things 266
Things on the Internet of Things 266
Components of IoT-Enabled Things 266
IoT and Cloud Context 267
9.3 IoT Security 270
IoT Device Capabilities 270
Security Challenges of the IoT Ecosystem 271
IoT Security Objectives 273
9.4 IoT Privacy 274
An IoT Model 275
Privacy Engineering Objectives and Risks 276
Challenges for Organizations 278
9.5 Cloud Computing 280
Cloud Computing Elements 280
Threats for Cloud Service Users 284
9.6 Cloud Privacy 285
Data Collection 286
Storage 287
Sharing and Processing 290
Deletion 290
9.7 Key Terms and Review Questions 290
Key Terms 290
Review Questions 291
9.8 References 291
PART V: INFORMATION PRIVACY MANAGEMENT 293
Chapter 10: Information Privacy Governance and Management 294
10.1 Information Security Governance 295
Information Security Management System 295
Information Security Governance Concepts 295
Security Governance Components 298
Integration with Enterprise Architecture 303
Policies and Guidance 307
10.2 Information Privacy Governance 308
Information Privacy Roles 308
The Privacy Program Plan 312
10.3 Information Privacy Management 315
Key Areas of Privacy Management 316
Privacy Planning 317
Privacy Policy 319
10.4 OASIS Privacy Management Reference Model 322
Privacy Management Reference Model and Methodology (PMRM) 322
Privacy by Design Documentation for Software Engineers 328
10.5 Key Terms and Review Questions 331
Key Terms 331
Review Questions 331
10.6 Reference 332
Chapter 11: Risk Management and Privacy Impact Assessment 334
11.1 Risk Assessment 335
Risk Assessment Process 335
Risk Assessment Challenges 339
Quantitative Risk Assessment 340
Qualitative Risk Assessment 342
11.2 Risk Management 346
NIST Risk Management Framework 347
ISO 27005: Information Security Risk Management 348
Risk Evaluation 351
Risk Treatment 352
11.3 Privacy Risk Assessment 353
Privacy Impact 356
Likelihood 361
Assessing Privacy Risk 363
11.4 Privacy Impact Assessment 365
Privacy Threshold Analysis 365
Preparing for a PIA 366
Identify PII Information Flows 367
Identify Potential User Behavior 367
Determine Relevant Privacy Safeguarding Requirements 368
Assess Privacy Risk 368
Determine Risk Treatment 368
The PIA Report 369
Implement Risk Treatment 370
Review/Audit Implementation 370
Examples 371
11.5 Key Terms and Review Questions 371
Key Terms 371
Review Questions 372
11.6 References 372
Chapter 12: Privacy Awareness, Training, and Education 374
12.1 Information Privacy Awareness 376
Awareness Topics 377
Awareness Program Communication Materials 378
Awareness Program Evaluation 379
12.2 Privacy Training and Education 380
Cybersecurity Essentials 380
Role-Based Training 381
Education and Certification 383
12.3 Acceptable Use Policies 384
Information Security Acceptable Use Policy 384
PII Acceptable Use Policy 386
12.4 Key Terms and Review Questions 386
Key Terms 386
Review Questions 387
12.5 References 387
Chapter 13: Event Monitoring, Auditing, and Incident Response 388
13.1 Event Monitoring 388
Security Event Logging 389
Security Event Management 391
Event Logging Related to PII 392
13.2 Information Security Auditing 393
Data to Collect for Auditing 394
Internal and External Audits 395
Security Audit Controls 396
13.3 Information Privacy Auditing 398
Privacy Audit Checklist 398
Privacy Controls 400
13.4 Privacy Incident Management and Response 401
Objectives of Privacy Incident Management 401
Privacy Incident Response Team 402
Preparing for Privacy Incident Response 403
Detection and Analysis 405
Containment, Eradication, and Recovery 406
Notification to Affected Individuals 407
Post-Incident Activity 408
13.5 Key Terms and Review Questions 409
Key Terms 409
Review Questions 410
13.6 References 410
Part VI: Legal and Regulatory Requirements 411
Chapter 14: The EU General Data Protection Regulation 412
14.1 Key Roles and Terms in the GDPR 413
14.2 Structure of the GDPR 415
14.3 GDPR Objectives and Scope 417
Objectives 417
Scope of the GDPR 418
14.4 GDPR Principles 420
Fairness421
Lawful 422
Transparency 423
14.5 Restrictions on Certain Types of Personal Data 423
Children’s Personal Data 423
Special Categories of Personal Data 424
14.6 Rights of the Data Subject 426
14.7 Controller, Processor, and Data Protection Officer 428
Data Protection by Design and Default 428
Records of Processing Activities 429
Security of Processing 431
Data Protection Officer 431
14.8 Data Protection Impact Assessment 433
Risk and High Risk 433
Determining Whether a DPIA Is Needed 434
DPIA Process 436
GDPR Requirements 438
Criteria for an Acceptable DPIA 439
14.9 Key Terms and Review Questions 441
Key Terms 441
Review Questions 441
14.10 References 442
Chapter 15: U.S. Privacy Laws 444
15.1 A Survey of Federal U.S. Privacy Laws 445
15.2 Health Insurance Portability and Accountability Act 449
HIPAA Overview 449
HIPAA Privacy Rule 450
15.3 Health Information Technology for Economic and Clinical Health Act 456
Breach Notification 456
Encryption of PHI 457
Data Destruction 459
15.4 Children’s Online Privacy Protection Act 460
General Provisions 460
The COPPA Final Rule 461
15.5 California Consumer Privacy Act 462
Basic Concepts 462
Rights of Consumers 466
Comparison with the GDPR 468
15.6 Key Terms and Review Questions 470
Key Terms 470
Review Questions 470
15.7 References 471
Index 472
Appendix (Online Only): Answers to Review Questions
PART I: OVERVIEW 1
Chapter 1: Security and Cryptography Concepts 2
1.1 Cybersecurity, Information Security, and Network Security 2
Security Objectives 3
The Challenges of Information Security 5
1.2 Security Attacks 6
Passive Attacks 8
Active Attacks 8
1.3 Security Services 10
Authentication 10
Access Control 11
Data Confidentiality 11
Data Integrity 11
Nonrepudiation 12
Availability Service 12
1.4 Security Mechanisms 12
1.5 Cryptographic Algorithms 13
Keyless Algorithms 14
Single-Key Algorithms 14
Two-Key Algorithms 15
1.6 Symmetric Encryption 15
1.7 Asymmetric Encryption 17
1.8 Cryptographic Hash Functions 20
1.9 Digital Signatures 22
1.10 Practical Considerations 23
Selection of Cryptographic Algorithms and Key Lengths 23
Implementation Considerations 24
Lightweight Cryptographic Algorithms 24
Post-Quantum Cryptographic Algorithms 25
1.11 Public-Key Infrastructure 25
Public-Key Certificates 25
PKI Architecture 27
1.12 Network Security 29
Communications Security 29
Device Security 30
1.13 Key Terms and Review Questions 30
Key Terms 30
Review Questions 31
1.14 References 31
Chapter 2: Information Privacy Concepts 32
2.1 Key Privacy Terminology 32
2.2 Privacy by Design 35
Privacy by Design Principles 35
Requirements and Policy Development 37
Privacy Risk Assessment 37
Privacy and Security Control Selection 39
Privacy Program and Integration Plan 40
2.3 Privacy Engineering 41
Privacy Implementation 44
System Integration 44
Privacy Testing and Evaluation 45
Privacy Auditing and Incident Response 45
2.4 Privacy and Security 46
Areas of Overlap Between Security and Privacy 46
Trade-Offs Between Security and Privacy 48
2.5 Privacy Versus Utility 48
2.6 Usable Privacy 49
Users of Privacy Services and Functions 50
Usability and Utility 50
2.7 Key Terms and Review Questions 50
Key Terms 50
Review Questions 51
2.8 References 51
PART II: PRIVACY REQUIREMENTS AND THREATS 53
Chapter 3: Information Privacy Requirements and Guidelines 54
3.1 Personally Identifiable Information and Personal Data 55
Sources of PII 57
Sensitivity of PII 58
3.2 Personal Information That Is Not PII 59
3.3 Fair Information Practice Principles 63
3.4 Privacy Regulations 66
European Union 66
U.S. Privacy Laws and Regulations 67
3.5 Privacy Standards 68
International Organization for Standardization (ISO) 69
National Institute of Standards and Technology 77
3.6 Privacy Best Practices 88
Information Security Forum (ISF) 88
Cloud Security Alliance (CSA) 90
3.7 Key Terms and Review Questions 91
Key Terms 91
Review Questions 91
3.8 References 92
Chapter 4: Information Privacy Threats and Vulnerabilities 94
4.1 The Evolving Threat Environment 95
Overall Impact of Advances in Technology 95
Repurposing Collected Data 96
Means of Collection of PII 96
4.2 Privacy Threat Taxonomy 97
Information Collection 98
Information Processing 98
Information Dissemination 98
Invasions 99
4.3 NIST Threat Model 100
4.4 Threat Sources 105
4.5 Identifying Threats 106
4.6 Privacy Vulnerabilities 108
Vulnerability Categories 108
Location of Privacy Vulnerabilities 109
National Vulnerability Database and Common Vulnerability Scoring System 110
4.7 Key Terms and Review Questions 114
Key Terms 114
Review Questions 115
4.8 References 116
PART III: TECHNICAL SECURITY CONTROLS FOR PRIVACY 117
Chapter 5: System Access 118
5.1 System Access Concepts 119
Privileges 119
System Access Functions 120
Privacy Considerations for System Access 121
5.2 Authorization 122
Privacy Authorization 123
5.3 User Authentication 124
Means of Authentication 125
Multifactor Authentication 126
A Model for Electronic User Authentication 127
5.4 Access Control 129
Subjects, Objects, and Access Rights 130
Access Control Policies 131
Discretionary Access Control 131
Role-Based Access Control 133
Attribute-Based Access Control 135
5.5 Identity and Access Management 140
IAM Architecture 140
Federated Identity Management 142
5.6 Key Terms and Review Questions 144
Key Terms 144
Review Questions 145
5.7 Reference 145
Chapter 6: Malicious Software and Intruders 146
6.1 Malware Protection Activities 147
Types of Malware 147
The Nature of the Malware Threat 149
Practical Malware Protection 150
6.2 Malware Protection Software 153
Capabilities of Malware Protection Software 153
Managing Malware Protection Software 154
6.3 Firewalls 155
Firewall Characteristics 155
Types of Firewalls 156
Next-Generation Firewalls 163
DMZ Networks 164
The Modern IT Perimeter 165
6.4 Intrusion Detection 166
Basic Intrusion Detection Principles 167
Approaches to Intrusion Detection 167
Host-Based Intrusion Detection Techniques 169
Network-Based Intrusion Detection Systems 169
IDS Best Practices 171
6.5 Key Terms and Review Questions 172
Key Terms 172
Review Questions 173
6.6 References 174
PART IV: PRIVACY ENHANCING TECHNOLOGIES 175
Chapter 7: Privacy in Databases 176
7.1 Basic Concepts 178
Personal Data Attributes 179
Types of Data Files 180
7.2 Re-Identification Attacks 183
Types of Attacks 184
Potential Attackers 186
Disclosure Risks 186
Applicability to Privacy Threats 187
7.3 De-Identification of Direct Identifiers 188
Anonymization 189
Pseudonymization 189
7.4 De-Identification of Quasi-Identifiers in Microdata Files 190
Privacy-Preserving Data Publishing 192
Disclosure Risk Versus Data Utility 193
PPDP Techniques 194
7.5 K-Anonymity, L-Diversity, and T-Closeness 196
K-Anonymity 196
L-Diversity 198
T-Closeness 199
7.6 Summary Table Protection 199
Frequency Tables 200
Magnitude Tables 203
7.7 Privacy in Queryable Databases 204
Privacy Threats 205
Protecting Queryable Databases 206
7.8 Key Terms and Review Questions 211
Key Terms 211
Review Questions 212
7.9 References 212
Chapter 8: Online Privacy 214
8.1 The Online Ecosystem for Personal Data 215
8.2 Web Security and Privacy 217
Web Server Security and Privacy 218
Web Application Security and Privacy 219
Web Browser Security and Privacy 222
8.3 Mobile App Security 224
Mobile Ecosystem 224
Mobile Device Vulnerabilities 225
BYOD Policies 227
Mobile Application Vetting 229
Resources for Mobile Device Security 230
8.4 Online Privacy Threats 231
Web Application Privacy 231
Mobile App Privacy 232
8.5 Online Privacy Requirements 234
Online Privacy Principles 234
Online Privacy Framework 236
Simplified Consumer Choice 241
Transparency of Data Practices 241
8.6 Privacy Notices 242
Notice Requirements 243
Notice Content 243
Notice Structure 246
Mobile App Privacy Notices 246
Privacy Notice Design Space 248
8.7 Tracking 250
Cookies 250
Other Tracking Technologies 253
Do Not Track 254
8.8 Key Terms and Review Questions 254
Key Terms 254
Review Questions 255
8.9 References 255
Chapter 9: Other PET Topics 258
9.1 Data Loss Prevention 258
Data Classification and Identification 259
Data States 260
DLP for Email 262
DLP Model 263
9.2 The Internet of Things 266
Things on the Internet of Things 266
Components of IoT-Enabled Things 266
IoT and Cloud Context 267
9.3 IoT Security 270
IoT Device Capabilities 270
Security Challenges of the IoT Ecosystem 271
IoT Security Objectives 273
9.4 IoT Privacy 274
An IoT Model 275
Privacy Engineering Objectives and Risks 276
Challenges for Organizations 278
9.5 Cloud Computing 280
Cloud Computing Elements 280
Threats for Cloud Service Users 284
9.6 Cloud Privacy 285
Data Collection 286
Storage 287
Sharing and Processing 290
Deletion 290
9.7 Key Terms and Review Questions 290
Key Terms 290
Review Questions 291
9.8 References 291
PART V: INFORMATION PRIVACY MANAGEMENT 293
Chapter 10: Information Privacy Governance and Management 294
10.1 Information Security Governance 295
Information Security Management System 295
Information Security Governance Concepts 295
Security Governance Components 298
Integration with Enterprise Architecture 303
Policies and Guidance 307
10.2 Information Privacy Governance 308
Information Privacy Roles 308
The Privacy Program Plan 312
10.3 Information Privacy Management 315
Key Areas of Privacy Management 316
Privacy Planning 317
Privacy Policy 319
10.4 OASIS Privacy Management Reference Model 322
Privacy Management Reference Model and Methodology (PMRM) 322
Privacy by Design Documentation for Software Engineers 328
10.5 Key Terms and Review Questions 331
Key Terms 331
Review Questions 331
10.6 Reference 332
Chapter 11: Risk Management and Privacy Impact Assessment 334
11.1 Risk Assessment 335
Risk Assessment Process 335
Risk Assessment Challenges 339
Quantitative Risk Assessment 340
Qualitative Risk Assessment 342
11.2 Risk Management 346
NIST Risk Management Framework 347
ISO 27005: Information Security Risk Management 348
Risk Evaluation 351
Risk Treatment 352
11.3 Privacy Risk Assessment 353
Privacy Impact 356
Likelihood 361
Assessing Privacy Risk 363
11.4 Privacy Impact Assessment 365
Privacy Threshold Analysis 365
Preparing for a PIA 366
Identify PII Information Flows 367
Identify Potential User Behavior 367
Determine Relevant Privacy Safeguarding Requirements 368
Assess Privacy Risk 368
Determine Risk Treatment 368
The PIA Report 369
Implement Risk Treatment 370
Review/Audit Implementation 370
Examples 371
11.5 Key Terms and Review Questions 371
Key Terms 371
Review Questions 372
11.6 References 372
Chapter 12: Privacy Awareness, Training, and Education 374
12.1 Information Privacy Awareness 376
Awareness Topics 377
Awareness Program Communication Materials 378
Awareness Program Evaluation 379
12.2 Privacy Training and Education 380
Cybersecurity Essentials 380
Role-Based Training 381
Education and Certification 383
12.3 Acceptable Use Policies 384
Information Security Acceptable Use Policy 384
PII Acceptable Use Policy 386
12.4 Key Terms and Review Questions 386
Key Terms 386
Review Questions 387
12.5 References 387
Chapter 13: Event Monitoring, Auditing, and Incident Response 388
13.1 Event Monitoring 388
Security Event Logging 389
Security Event Management 391
Event Logging Related to PII 392
13.2 Information Security Auditing 393
Data to Collect for Auditing 394
Internal and External Audits 395
Security Audit Controls 396
13.3 Information Privacy Auditing 398
Privacy Audit Checklist 398
Privacy Controls 400
13.4 Privacy Incident Management and Response 401
Objectives of Privacy Incident Management 401
Privacy Incident Response Team 402
Preparing for Privacy Incident Response 403
Detection and Analysis 405
Containment, Eradication, and Recovery 406
Notification to Affected Individuals 407
Post-Incident Activity 408
13.5 Key Terms and Review Questions 409
Key Terms 409
Review Questions 410
13.6 References 410
Part VI: Legal and Regulatory Requirements 411
Chapter 14: The EU General Data Protection Regulation 412
14.1 Key Roles and Terms in the GDPR 413
14.2 Structure of the GDPR 415
14.3 GDPR Objectives and Scope 417
Objectives 417
Scope of the GDPR 418
14.4 GDPR Principles 420
Fairness421
Lawful 422
Transparency 423
14.5 Restrictions on Certain Types of Personal Data 423
Children’s Personal Data 423
Special Categories of Personal Data 424
14.6 Rights of the Data Subject 426
14.7 Controller, Processor, and Data Protection Officer 428
Data Protection by Design and Default 428
Records of Processing Activities 429
Security of Processing 431
Data Protection Officer 431
14.8 Data Protection Impact Assessment 433
Risk and High Risk 433
Determining Whether a DPIA Is Needed 434
DPIA Process 436
GDPR Requirements 438
Criteria for an Acceptable DPIA 439
14.9 Key Terms and Review Questions 441
Key Terms 441
Review Questions 441
14.10 References 442
Chapter 15: U.S. Privacy Laws 444
15.1 A Survey of Federal U.S. Privacy Laws 445
15.2 Health Insurance Portability and Accountability Act 449
HIPAA Overview 449
HIPAA Privacy Rule 450
15.3 Health Information Technology for Economic and Clinical Health Act 456
Breach Notification 456
Encryption of PHI 457
Data Destruction 459
15.4 Children’s Online Privacy Protection Act 460
General Provisions 460
The COPPA Final Rule 461
15.5 California Consumer Privacy Act 462
Basic Concepts 462
Rights of Consumers 466
Comparison with the GDPR 468
15.6 Key Terms and Review Questions 470
Key Terms 470
Review Questions 470
15.7 References 471
Index 472
Appendix (Online Only): Answers to Review Questions