Privacy Enhancement Measures
From Open Risk Manual
Definition
Privacy Enhancement Measures refers to all policies, organizational arrangements, technology solutions and other measures that an organization may undertake to enhance Data Privacy.
| Access Control Method | Methods which restrict access to a place or resource | |
| Anonymization | Altering personal data irreversibly such that a data subject can no longer be identified directly or indirectly, either by the data controller alone or in collaboration with any other party | |
| Authentication Protocols | Protocols involving validation of identity i.e. authentication of a person or information | |
| Authorisation Procedure | non-technical authorisation procedures: How is it described on an organisational level, who gets access to the data | |
| Certification | Certification mechanisms, seals, and marks for the purpose of demonstrating compliance | |
| Certification and Seal | Certifications, seals, and marks indicating compliance to regulations or practices | |
| Code of Conduct | A set of rules or procedures outlining the norms and practices for conducting activities | |
| Consultation | Consultation is a process of receiving feedback, advice, or opinion from an external agency | |
| Consultation with Authority | Consultation with an authority or authoritative entity | |
| Contract | Contractual terms governing data handling within the data controller | |
| Data Protection Impact Assessment (DPIA) | Top class: Impact Assessment, and DPIA is sub-class | |
| De-Identification | Conversion of identifiable personal data (PII) to un-identifiable personal data | |
| Design Standard | A set of rules or guidelines outlining criterias for design | |
| Encryption in Rest | Encryption of data when being stored (persistent encryption) | |
| Encryption in Transfer | Encryption of data in transit e.g. when being transferred from one location to another, including sharing | |
| GuidelinesPrinciple | Guidelines or Principles regarding processing and operational measures | |
| Impact Assessment | Calculating or determining the likelihood of impact of an existing or proposed process, which can involve risks or detriments. | |
| Legal Agreement | A legally binding agreement | |
| Non-Disclosure Agreement (NDA) | Non-disclosure Agreements e.g. preserving confidentiality of information | |
| Organisational Measure | Organisational measures required/followed when processing data of the declared category | |
| Privacy Impact Assessment | Carrying out an impact assessment regarding privacy risks | |
| Privacy by Default | Practices regarding selecting appropriate data protection and privacy measures as the 'default' in an activity or service | |
| Privacy by Design | Practices regarding incorporating data protection and privacy in the design of information and services | |
| Pseudo-Anonymization | PseudoAnonmyization or 'pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person; | |
| Pseudonymisation and Encryption | Technical measures consisting of pseudoanonymization and encryption | |
| Regularity of Re-certification | Policy regarding repetition or renewal of existing certification(s) | |
| Risk Management Procedure | Data Protection Impact Assessments as per GDPR art 35, other Privacy Impact Assessments, threat severity assessment https://www.cnil.fr/en/privacy-impact-assessment-pia | |
| Risk Mitigation Measure | Measures intended to mitigate, minimise, or prevent risk. | |
| Seal | A seal or a mark indicating proof of certification to some certification or standard | |
| Single Sign On | Use of credentials or processes that enable using one set of credentials to authenticate multiple contexts. | |
| Staff Training | Practices and policies regarding training of staff members | |
| Storage Deletion | Deletion or Erasure of data including any deletion guarantees | |
| Storage Duration | Duration or temporal entity denoting limitation on storage of personal data | |
| Storage Location | Location or geospatial scope where the data is stored | |
| Storage Restoration | Regularity and temporal span of data restoration/backup mechanisms that guarantee that data is preserved | |
| Storage Restriction | Restrictions required or followed regarding storage of data | |
| Technical Measure | Technical measures required/followed when processing data of the declared category |
