In a Communications of the ACM article, David Wright of Trilateral Research considers whether privacy impact assessments (PIAs) should be mandatory. As databases grow, so do data breaches. PIAs are a reasonable tool for any organization managing personal data, but are they enough? Wright says no; the most effective way to protect sensitive information is to use PIAs with a "combination of tools and strategies, which include complying with legislation and policy, using privacy-enhancing technologies and architectures and engaging in public education..." In the meantime, whether PIAs will become mandatory remains to be seen. (Registration may be required to access this story.)