“At this year’s IAPP Global Privacy Summit, I repeatedly encountered references to and quasi-explanations of the ‘risk-based approach’ to privacy,” writes information privacy and security engineer Stuart Shapiro, CIPP/US, CIPP/G. “The risk-based approach is, apparently, the new black now that accountability is no longer quite so chic,” he adds. “Taken at face value, it’s rather difficult to imagine a more damning indictment of the privacy profession” than to believe “we’ve only just started worrying about risks to individuals,” he writes. In this installment of Privacy Perspectives, Shapiro discusses the risks of the risk-based approach, suggesting, “We need additional privacy-risk models and far better privacy-risk management.”
If you want to comment on this post, you need to login.