Centre for Information Policy Leadership
  • Home
  • About
    • CIPL Principals
    • Quarterly Reports
  • Membership
  • Events
    • Past Events
  • Projects
    • AI Project
    • Brazil AI Project
    • Organizational Accountability
    • Protecting Children's Data Privacy >
      • Policy Paper I: International Issues & Compliance Challenges
    • EU GDPR Implementation >
      • Global Readiness Benchmarks for GDPR
    • Enabling Data Driven Innovation and Big Data >
      • Privacy Risk Management
      • Transparency and User Controls
      • Updating Core Privacy Principles
    • Role of the DPO
    • Enabling Global Data Flows
    • Regional Focus and Outreach >
      • Effective LGPD
  • Resources
    • CIPL White Papers
    • Public Consultations
    • CIPL Articles
    • Hunton Andrews Kurth Privacy & Information Security Law Blog
  • CIPL Blog
  • Media
  • Contact Us
  • Home
  • About
    • CIPL Principals
    • Quarterly Reports
  • Membership
  • Events
    • Past Events
  • Projects
    • AI Project
    • Brazil AI Project
    • Organizational Accountability
    • Protecting Children's Data Privacy >
      • Policy Paper I: International Issues & Compliance Challenges
    • EU GDPR Implementation >
      • Global Readiness Benchmarks for GDPR
    • Enabling Data Driven Innovation and Big Data >
      • Privacy Risk Management
      • Transparency and User Controls
      • Updating Core Privacy Principles
    • Role of the DPO
    • Enabling Global Data Flows
    • Regional Focus and Outreach >
      • Effective LGPD
  • Resources
    • CIPL White Papers
    • Public Consultations
    • CIPL Articles
    • Hunton Andrews Kurth Privacy & Information Security Law Blog
  • CIPL Blog
  • Media
  • Contact Us

Privacy Risk Management

About the Project

CIPL has been engaged in a project to explore the “risk-based approach to privacy” and privacy risk management. This work arises from and is closely related to CIPL’s pioneering work on accountability.
 
As the pace of technological change highlights the limitations of conventional thinking, a risk-based approach will improve the ability of privacy officers and businesses to take a structured and pragmatic approach to information management and privacy protection. By fully understanding both the benefits and the potential risks of harm associated with new products and services, organizations are better positioned to devise appropriate mitigations and controls that both reduce the risk to an acceptable level and retain the desired benefits of the intended data processing as much as possible.

The project will examine the following questions:
  • What is meant by a “Risk-based Approach”?
  • How should the different types of harm which may impact on individuals best be articulated?
  • What are the main threats arising from the use of personal information which may lead to harm?
  • How can the likelihood of serious harm best be measured and mitigated?
  • What tools can be developed for businesses to turn this approach into concrete action?
  • What is the scope for regulators to adopt a more Risk-based Approach to Privacy?
  • What are the implications for the underlying objectives of privacy/data protection regulation?

​Download the project summary document.

Project White Papers and Articles

Paper 1: A Risk-based Approach to Privacy: Improving Effectiveness in Practice 
June 19, 2014

Paper 2: The Role of Risk Management in Data Protection 
December 1, 2014​


Protecting Privacy In a World of Big Data: Paper 2:  The Role of Risk Management  
February 16, 2016

Risk, High Risk, Risk Assessments and Data Protection Impact Assessments under the GDPR
December 21, 2016

Project Workshops and Webinars

  • January 2014 – Formation of steering committee and official launch of the project
  • February 2014 – Completion of initial discussion paper
  • March 20, 2014 – Workshop I in Paris with key stakeholders
  • April 29, 2014 – Pre-conference Seminar at IAPP Data Protection Intensive, London
  • June 19, 2014 – Publication of Phase I White Paper
  • November 18, 2014 – Workshop II in Brussels
  • March 3, 2015 – Workshop III in Washington, DC 
  • November 23, 2015 - Publication of Phase II White Paper
Copyright © 2022 by the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP.
Disclaimer | Privacy Policy | Cookies Policy | Contact
Picture
Picture