A systematic methodology for privacy impact assessments: a design science approach

Spiekermann-Hoff, Sarah and Oetzel, Marie Caroline (2014) A systematic methodology for privacy impact assessments: a design science approach. European Journal of Information Systems (EJIS), 23 (2). pp. 128-150. ISSN 1476-9344


Download (4MB)


For companies that develop and operate IT applications that process the personal data of customers and employees, a major problem is protecting these data and preventing privacy breaches. Failure to adequately address this problem can result in considerable damage to the company's reputation and finances, as well as negative effects for customers or employees (data subjects). To address this problem, we propose a methodology that systematically considers privacy issues by using a step-by-step privacy impact assessment (PIA). Existing PIA approaches cannot be applied easily because they are improperly structured or imprecise and lengthy. We argue that companies that employ our PIA can achieve "privacy-by-design", which is widely heralded by data protection authorities. In fact, the German Federal Office for Information Security (BSI) ratified the approach we present in this article for the technical field of RFID and published it as a guideline in November 2011. The contribution of the artefacts we created is twofold: First, we provide a formal problem representation structure for the analysis of privacy requirements. Second, we reduce the complexity of the privacy regulation landscape for practitioners who need to make privacy management decisions for their IT applications.

Item Type: Article
Additional Information: This is a post-peer-review, pre-copyedit version of an article published in EJIS. The definitive publisher-authenticated version [insert complete citation information here, including DOI] is available online at: http://dx.doi.org/10.1057/ejis.2013.18. To see the final version of this paper please visit the publisher's website. Access to the published version requires a subscription.
Keywords: privacy impact assessment, privacy-by-design, security risk, assessment design science
Divisions: Departments > Informationsverarbeitung u Prozessmanag.
Version of the Document: Accepted for Publication
Depositing User: Gertraud Novotny
Date Deposited: 24 Mar 2017 12:46
Last Modified: 24 Mar 2017 13:38
Related URLs:
FIDES Link: https://bach.wu.ac.at/d/research/results/67745/
URI: https://epub.wu.ac.at/id/eprint/5495


View Item View Item


Downloads per month over past year

View more statistics