This privacy risk calculator considers the privacy risks imposed on a single group of individuals from a single group of threat actors. In a robust analysis, one should consider the risks imposed by multiple threat actors on all the affected individuals.
This risk model is based on a modified version of FAIR (Factor Analysis of Information Risk) [See below]. The calculator analyses risks to individuals, not organizational risk. The risk level is determined by the frequency with which a privacy violation is committed against an individual and the magnitude of that violation across the population of affected individuals.
This tool uses the Solove Taxonomy of Privacy to identify the magnitude of the consequences of certain activities. The goal is to identify and reduce the incidence of activities that social norms deem invasive of individuals' privacy. For more information on why harms are treated as secondary consequences under this model, see this article.
Your profile most likely looks like the graph at right. If your risk profile (in red) extends to the right of the population (in blue), most individuals will expect more than one privacy violation per year. You will then need to institute controls to mitigate these risks, after which your residual risk should fall within your acceptable risk tolerance levels. [This tool currently does not provide a mechanism for assessing the effects of controls on your risk level]

If your risk profile lies between the population and your risk tolerance (in yellow), you have unacceptable privacy risks according to your risk tolerance level.

If your risk profile falls to the left of or within the risk tolerance profile, congratulations: your privacy risks are within acceptable limits.
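The frequency-times-magnitude model above, as an added Monte Carlo sketch (not the calculator's own code): each simulated individual draws an annual contact rate from the threat-actor group and a probability that a contact becomes a violation, both from triangular min/most-likely/max estimates (an assumption), and the resulting profile is placed in one of the three zones described above. The per-activity magnitude weights are constructed for illustration; the page gives no numbers.

```python
"""Monte Carlo sketch of a FAIR-style privacy risk profile (added example)."""
import random
from statistics import median

# Constructed magnitude weights (1-5) for the Solove activities; illustrative only.
MAGNITUDE = {"aggregation": 2, "identification": 3, "insecurity": 3,
             "secondary_use": 2, "exclusion": 1, "breach_of_confidentiality": 4,
             "disclosure": 4, "exposure": 5, "increased_accessibility": 2,
             "blackmail": 5, "appropriation": 4, "distortion": 4,
             "surveillance": 3, "interrogation": 2, "intrusion": 2,
             "decisional_interference": 5}


def simulate_profile(contact, vulnerability, individuals=10_000, seed=42):
    """Return expected privacy violations per year for each simulated individual.

    contact: (low, mode, high) contacts per year from the threat-actor group.
    vulnerability: (low, mode, high) probability that a contact becomes a violation.
    Triangular distributions stand in for calibrated estimates (assumption).
    """
    rng = random.Random(seed)
    c_lo, c_mode, c_hi = contact
    v_lo, v_mode, v_hi = vulnerability
    # random.triangular takes (low, high, mode), not (low, mode, high).
    return [rng.triangular(c_lo, c_hi, c_mode) * rng.triangular(v_lo, v_hi, v_mode)
            for _ in range(individuals)]


def assess(profile, tolerance):
    """Place the risk profile in one of the three zones: past the population,
    past the tolerance, or within tolerance. Uses the median individual."""
    typical = median(profile)
    if typical > 1:
        return "exceeds population: most individuals expect >1 violation/year"
    if typical > tolerance:
        return "exceeds risk tolerance: controls required"
    return "within risk tolerance"


def population_magnitude(profile, activity):
    """Magnitude of one violation type summed across all affected individuals."""
    return sum(profile) * MAGNITUDE[activity]


if __name__ == "__main__":
    prof = simulate_profile((0.5, 2, 5), (0.5, 0.7, 0.9))
    print(assess(prof, tolerance=0.1))
    print(round(population_magnitude(prof, "disclosure"), 1))
```

Lowering the contact or vulnerability estimates (for example after a control is introduced) moves the same profile toward the tolerance zone, which is the comparison the page says the tool does not yet automate.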
| Solove taxonomy category | Activity |
| --- | --- |
| Aggregation | combining of various pieces of personal information |
| Identification | linking of information to a particular individual |
| Insecurity | carelessness in protecting information from leaks or improper access |
| Secondary Use | using personal information for a purpose other than the purpose for which it was collected |
| Exclusion | failing to let an individual know about the data that others have about them and participate in its handling or use |
| Breach of Confidentiality | breaking a promise to keep a person's information confidential |
| Disclosure | revealing truthful personal information about a person that impacts the ways others judge their character or impacts their security |
| Exposure | revealing an individual's nudity, grief, or bodily functions |
| Increased Accessibility | amplifying the accessibility of personal information |
| Blackmail | threatening to disclose personal information |
| Appropriation | using an individual's identity to serve the aims and interests of another |
| Distortion | disseminating false or misleading information about an individual |
| Surveillance | watching, listening to, or recording an individual's activities |
| Interrogation | questioning or probing for personal information |
| Intrusion | disturbing an individual's tranquility or solitude |
| Decisional Interference | intruding into an individual's decisions regarding their private affairs |