Foundations
This is a stub.
Terminology
TODO:
Privacy by Design and Default
All data protection-relevant aspects related to the end user must be planned to be secure
All options for ensuring data-protective behavior have to be preconfigured in such a way that a user cannot accidentally lose personal information
Data access takes place in line with data economy principles
Data that is not immediately used must not be collected
Passing data to third parties requires an Opt-In from the user
Opt-In means that the user needs to explicitly confirm the data transfer beyond the scope of the application
Threats to Privacy
TODO: Entries marked with (CC) were taken from the Protection Profile for Mobile Device Fundamentals (PDF).
Risk Assessment
Ideally, you need to reassess the risks after each development phase.
Data Protection Goals
Classic Perspective
Confidentiality
Integrity
Availability
Legal Perspective
TODO: Explain the differences between the classical and the legal perspectives on CIA again? They are explained in the SDM.
Data Minimization
Availability
Integrity
Confidentiality
Unlinkability
Transparency
M. Hansen, Top 10 Mistakes in System Design from a Privacy Perspective and Privacy Protection Goals in Privacy and Identity Management for Life