Steps in Risk Assessment Performance

Risk Assessment Stages 
  1. First, we must determine if there is a need for the risk assessment to be performed.
  2. Then, we will need to describe the flow of information (data life cycle) such as collection, processing, storage, usage and deletion.
  3. Next, we will identify privacy and related risks –including threats and vulnerabilities.
  4. Moreover, recording and summarizing risk assessment findings in a digestible, concise and readable format for the end user is necessary step.
  5. Finally, implementing the assessment findings and solutions into the project plan is the last step.

Comments

Post a Comment

all comments to this blog are moderated

Popular posts from this blog

Labcorp suffers a data breach

Data breaches are happening more frequently than most companies are willing to admit. Labcorp, one the nation’s largest medical diagnostic companies, released a statement yesterday stating that it is investigating a possible Data breach that may have occurred over the weekend. I applaud Labcorp for coming forth so early in the breach response process. What sets a company apart from pack is not only their efforts to prevent and breaches,  but how the structure their breach response polices. More than ever it is essential that effected parties are notified as soon as possible,  to prevent further harm to the party and further reputational harm to the company. You can read more about the Labcorp data breach clicking the hyperlinked text.
Read more

Meta (Facebook) is facing major data transfer hurdles

  By Victorianne Musonza, Privacy Counsel Meta was recently fined 400 Million Euros by the Irish Data Protection Commission for privacy violations, mainly because they failed to adhere to GDPR processing restrictions on personal data. According to Politico , Helen Dixon of the Irish DPC also seeks to prevent Meta from using standard contractual clauses (SCC) to facilitate personal data transfers from the EU to the US. Read more about this here .
Read more

ICO issues additional guidance on Privacy and Electronic Communications Regulations (PECR)

By Privacy Counsel What is PECR?  In February of this year, the Information Commissioner’s Office (ICO), or UK’s Data Protection Regulator, published additional guidance on the Privacy and Electronic Communications Regulations (PECR) , initially passed in 2003, on applying PECR to the DPA. How does PECR apply? There is frequently a lot of discussion around the e-Privacy Directive ( Directive 2009/136/EC ) and very little surrounding the UK. Although the UK is no longer part of the EU, it has adopted a GDPR national privacy law, The Data Protection Act (DPA). PECR applies in the context of UK residents specifically. The e-Privacy Directive applies to GDPR and EU residents. The chart below provides the similarities and distinctions between the two.    Differences from the E-Privacy Regulation PECR E-Privacy Directive Scope PECR applies to the transmission of unsolicited electronic messages to individuals in the UK. ePD applies to the processing of personal data and securit...
Read more