A Conceptual Model for Assessing Privacy Risk
(World Economic Forum Cyber Security Centre, Strategic Advisory Board Member World Economic Forum Cyber Security Centre, Strategic
Advisory Board Member)
Privacy is not a binary concept, the level of privacy enjoyed by an individual or organisation will depend upon the context
within which it is being considered; the more data at attacker has access to the more potential there may be for privacy compromise.
We lack a model which considers the different contexts that exist in current systems, which would underpin a measurement system
for determining the level of privacy risk that might be faced. This project would seek to develop a prototype model – based
on a survey of known privacy breaches and common practices in data sharing. The objective being to propose a method by which
privacy risk might be considered taking into consideration the variety of (threat and data-sharing) contexts that any particular
person or organisation might be subjected to. It is likely that a consideration of the differences and similarities of the
individual or organisational points of view will need to be made, since the nature of contexts faced could be quite diverse.