FAIR Risk Calculator

Primary Focus Area: Privacy Risk Assessment

Brief Description: FAIR Privacy is a quantitative privacy risk framework based on FAIR (Factor Analysis of Information Risk). FAIR Privacy examines personal privacy risks (to individuals), not organizational risks. Included in this tool is a PowerPoint deck illustrating the components of FAIR Privacy and an example based on a hypothetical smart lock manufacturer. In addition, an Excel spreadsheet provides a powerful risk calculator using Monte Carlo simulation.

Additional Notes: V2.11 March 2022 Update: A revised version of the PowerPoint deck and calculator are provided based on the example used in the paper “Quantitative Privacy Risk” presented at the 2021 International Workshop on Privacy Engineering (https://ieeexplore.ieee.org/document/9583709). The newer Excel-based calculator:

  • uses a Poisson distribution for threat opportunity (previously Beta-PERT)
  • uses a Binomial distribution for Attempt Frequency and Violation Frequency (Note: inherent baseline risk assumes 100% vulnerability)
  • provides a method of calculating organizational risk tolerance
  • provides a second risk calculator for comparing two risks, to help prioritize efforts
  • provides a tab for comparing inherent/baseline risk to residual risk, risk tolerance and the other risk tab
  • adds more instructional text
  • genericizes privacy harm and adverse tangible consequences
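The list above describes the calculator's sampling chain but not how the pieces fit together. The following Python is an added illustration of that chain, not the FAIR Privacy spreadsheet or any code from its author: threat opportunity per year is drawn from a Poisson distribution, attempt and violation counts from Binomial distributions (with the inherent/baseline case fixing vulnerability at 100%), each violation's harm from a triangular range, and a Monte Carlo loop summarizes the annual harm. The parameter names, the rate and probability values, and the harm scale are all constructed for the example and are not taken from the tool.

```python
"""Monte Carlo privacy-risk simulation in the FAIR Privacy style.

Added illustration only. The sampling chain is:
  opportunities ~ Poisson(opportunity_rate)
  attempts      ~ Binomial(opportunities, p_attempt)
  violations    ~ Binomial(attempts, p_vulnerable)   # 1.0 for inherent/baseline
  harm          = sum of one triangular draw per violation
Uses only the standard library so it runs anywhere.
"""
import math
import random
import statistics

# Constructed example parameters (hypothetical, not from the spreadsheet).
# Harm is a unitless score per violation; the analyst picks the scale.
INHERENT = {
    "opportunity_rate": 4.0,   # expected threat opportunities per year
    "p_attempt": 0.3,          # probability an opportunity becomes an attempt
    "p_vulnerable": 1.0,       # inherent/baseline risk assumes 100% vulnerability
    "harm_low": 0.0,
    "harm_mode": 50.0,
    "harm_high": 500.0,
}


def sample_poisson(rng, lam):
    """Knuth's method: count of events in one period at rate lam.
    Adequate for the small rates used here (exp(-lam) underflows near lam > 700)."""
    if lam <= 0:
        return 0
    limit = math.exp(-lam)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p < limit:
            return k
        k += 1


def sample_binomial(rng, n, p):
    """Successes in n independent trials with success probability p."""
    return sum(1 for _ in range(n) if rng.random() < p)


def residual_from(inherent, p_vulnerable):
    """Residual-risk parameters: same threat picture, reduced vulnerability."""
    return {**inherent, "p_vulnerable": p_vulnerable}


def simulate_annual_harm(params, trials=10_000, seed=1):
    """Return one simulated annual harm total per Monte Carlo trial."""
    rng = random.Random(seed)  # seeded so a run is reproducible
    results = []
    for _ in range(trials):
        opportunities = sample_poisson(rng, params["opportunity_rate"])
        attempts = sample_binomial(rng, opportunities, params["p_attempt"])
        violations = sample_binomial(rng, attempts, params["p_vulnerable"])
        # random.triangular takes (low, high, mode)
        harm = sum(
            rng.triangular(params["harm_low"], params["harm_high"], params["harm_mode"])
            for _ in range(violations)
        )
        results.append(harm)
    return results


def summarize(results):
    """Mean and empirical percentiles of the simulated annual harm."""
    ordered = sorted(results)

    def pct(q):
        return ordered[min(len(ordered) - 1, int(q * len(ordered)))]

    return {
        "mean": statistics.fmean(results),
        "p50": pct(0.5),
        "p90": pct(0.9),
        "max": ordered[-1],
    }


if __name__ == "__main__":
    inherent = summarize(simulate_annual_harm(INHERENT))
    residual = summarize(simulate_annual_harm(residual_from(INHERENT, 0.2)))
    print("inherent/baseline:", inherent)
    print("residual (20% vulnerable):", residual)
```

Reading the output the way the calculator's comparison tab does: the inherent run shows what the threat picture alone produces, the residual run shows the effect of a control that leaves only a fraction of attempts succeeding, and the p90 figure (rather than the mean) is usually the number to hold against a stated risk tolerance, because privacy harm distributions are heavily right-skewed.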

Some additional resources are provided in the PowerPoint deck.

Feedback and suggestions for improvement on both the framework and the included calculator are welcome. Additionally, analysis of the spreadsheet by a statistician is most welcome.

GitHub User Serving as POC (or Email Address): @privacymaverick

Affiliation/Organization(s) Contributing (if relevant): Enterprivacy Consulting Group