Tasks:
1. Assess likelihood (Tab 2: Likelihood).
2. Assess impact (Tab 3: Impact).
3. Calculate risk (Tab 4: Risk).
4. Prioritize risk (Tab 5: Risk Prioritization SAMPLE & Tab 6: Risk Prioritization INPUT).
Assess Likelihood
Guidance:
Likelihood: Probability that a data action will become problematic for representative or typical individuals whose data is being processed by the system/product/service.
Assessment: Determine on a scale from 1-10 the estimated expected probability of occurrence for each potential problem for individuals with 10 being most problematic. Organizations can use any scale they prefer as long as they use the same scale throughout the process.
Prior Worksheet Inputs: Data actions and associated summary issues from Worksheet 2.
Problematic Data Actions Catalog: See Catalog of PDAP. The catalog may be used as a way to categorize the adverse effects that could arise from the issues or questions highlighted in the summary issues column. As noted in Worksheet 2, a summary issue may alleviate, rather than raise concerns about adverse effects. In that case, the summary issue should be scored as 0.
Problems for Individuals Catalog: See Catalog of PDAP. Problematic data actions may create the potential for more than one type of problem. However, some of the problems may have a higher likelihood of occurrence than others. If the data action ultimately is scored as risky, scoring the problems separately may help pinpoint what type of control would be most effective to mitigate the risk of the highest scored problem(s), thereby lowering the score of the data action as a whole to an acceptable level.
Example:

| Data Actions | Summary Issues | Problematic Data Actions | Potential Problems for Individuals | Likelihood |
|---|---|---|---|---|
| | Full social credential profile access (including picture and list of friends) is not necessary for fulfilling operational purpose. | -Surveillance | Dignity Loss: Information is revealed about the individual that could be embarrassing or discomfiting. | 7 |
Guidance:
Although individuals experience problems directly, it may be difficult for an organization to assess the imp
worksheet is not intended to prevent organizations from assessing the direct impact of problems on individ
unable to do so, organizational impact factors as secondary costs absorbed by the organization can be us
impact assessment.
Assessment: Determine on a scale from 1-10 the estimated effect of each potential problem for individua
organizational impact factors. The assigned values are added to calculate organizational impact per poten
Prior Worksheet Inputs: Relevant inputs from Worksheet 1. For example, in considering noncompliance
or obligations identified in the legal environment box or policy statements made about privacy. In consider
commitments to privacy principles or mission values, etc.
Example:
s, etc.
ndonment or avoidance, etc.
Problematic Data Actions: -Appropriation, -Induced disclosure, -Surveillance

| Potential Problems for Individuals | Noncompliance Costs | Direct Business Costs | Reputational Costs | Internal Culture Costs | Other | Total Business Impact (per Potential Problem) |
|---|---|---|---|---|---|---|
| Dignity Loss | 7 | 6 | 6 | 4 | | 23 |
| Loss of Autonomy | | 6 | 8 | 4 | | 25 |
| Loss of Trust | 7 | 6 | 8 | 7 | | 28 |
Guidance:
Risk per Data Action: Apply the risk equation to the outputs of the Likelihood tab and Impact tab to dete
action. The estimated likelihood for each potential problem for individuals per data action is multiplied by i
estimated risk per potential problem. The sum of the estimated risks for each potential problem for individu
action.
Example:
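| Data Action | Potential Problems for Individuals | Likelihood | Impact | Risk per Potential Problem | Risk per Data Action |
|---|---|---|---|---|---|
| Collection from the Social Media Site | Dignity Loss | 7 | 23 | 161 | 379 |
| | Loss of Autonomy | 2 | 25 | 50 | |
| | Loss of Trust | 6 | 28 | 168 | |
| DA2 | Economic Loss | 6 | 32 | 192 | 317 |
| | Loss of Autonomy | 5 | 19 | 95 | |
| | Loss of Trust | 2 | 15 | 30 | |
| DA3 | Loss of Trust | 6 | 25 | 150 | 577 |
| | Dignity Loss | 7 | 36 | 252 | |
| | Loss of Liberty | 5 | 35 | 175 | |
| DA4 | Loss of Trust | 5 | 48 | 240 | 240 |
| DA5 | Economic Loss | 6 | 37 | 222 | 821 |
| | Loss of Autonomy | 5 | 20 | 100 | |
| | Discrimination | 3 | 25 | 75 | |
| | Loss of Trust | 8 | 33 | 264 | |
| | Dignity Loss | 4 | 40 | 160 | |
| DA6 | Loss of Trust | 5 | 22 | 110 | 438 |
| | Loss of Autonomy | 5 | 32 | 160 | |
| | Dignity Loss | 6 | 28 | 168 | |
| DA7 | Loss of Autonomy | 8 | 43 | 344 | 659 |
| | Dignity Loss | 9 | 10 | 90 | |
| | Economic Loss | 7 | 27 | 189 | |
| | Loss of Trust | 4 | 9 | 36 | |
| DA8 | Loss of Autonomy | 4 | 13 | 52 | 514 |
| | Dignity Loss | 9 | 32 | 288 | |
| | Economic Loss | 8 | 15 | 120 | |
| | Loss of Trust | 6 | 9 | 54 | |
| DA9 | Loss of Trust | 3 | 39 | 117 | 213 |
| | Loss of Liberty | 2 | 48 | 96 | |
| DA10 | Loss of Trust | 4 | 14 | 56 | 161 |
| | Economic Loss | 6 | 9 | 54 | |
| | Dignity Loss | 3 | 17 | 51 | |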
Guidance:
Top 5 Outliers Table: Red cells indicate the five (5) highest likelihood and impact results per potential
problems for individuals per data action. Each potential problem for individuals is assigned a point label
which is plotted on the adjacent heat map as a function of its assigned likelihood and impact values.
| Data Actions | Potential Problems for Individuals | Point Label | Likelihood |
|---|---|---|---|
| Collection from the Social Media Site | Dignity Loss | A | 7 |
| | Loss of Autonomy | B | 2 |
| | Loss of Trust | C | 6 |
| DA2 | Economic Loss | D | 6 |
| | Loss of Autonomy | E | 5 |
| | Loss of Trust | F | 2 |
| DA3 | Loss of Trust | G | 6 |
| | Dignity Loss | H | 7 |
| | Loss of Liberty | I | 5 |
| DA4 | Loss of Trust | J | 5 |
| DA5 | Economic Loss | K | 6 |
| | Loss of Autonomy | L | 5 |
| | Discrimination | M | 3 |
| | Loss of Trust | N | 8 |
| | Dignity Loss | O | 4 |
| DA6 | Loss of Trust | P | 5 |
| | Loss of Autonomy | Q | 5 |
| | Dignity Loss | R | 6 |
| DA7 | Loss of Autonomy | S | 8 |
| | Dignity Loss | T | 9 |
| | Economic Loss | U | 7 |
| | Loss of Trust | V | 4 |
| DA8 | Loss of Autonomy | W | 4 |
| | Dignity Loss | X | 9 |
| | Economic Loss | Y | 8 |
| | Loss of Trust | Z | 6 |
| DA9 | Loss of Trust | AA | 3 |
| | Loss of Liberty | BB | 2 |
| DA10 | Loss of Trust | CC | 4 |
| | Economic Loss | DD | 6 |
| | Dignity Loss | EE | 3 |
Classification - Restricted
[Figure: Problem Prioritization Heat Map (Risk Prioritization SAMPLE). Axes: Likelihood, Impact.]
System Risk Table: Indicates the estimated risk presented by a data action, its estimated percentage of
system risk, and its estimated ranking amongst other data actions. The risk column is the total estimated
risk per data action and colored to facilitate visual prioritization. The percent of system risk column is the
estimated risk per data action relative to all other data actions. The rank among data actions column
assigns relative values to the data actions pursuant to their estimated system risk percentage.
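The risk equation and the System Risk Table described above, computed over this page's sample scores. This is an added example, not part of the worksheet itself; the function names, the shared rank for equal risks and the tie handling in `top_outliers` are assumptions.

```python
# Scores copied from the sample table on this page:
# data action -> [(potential problem, likelihood, impact), ...]
SAMPLE = {
    "Collection from the Social Media Site": [("Dignity Loss", 7, 23), ("Loss of Autonomy", 2, 25),
                                              ("Loss of Trust", 6, 28)],
    "DA2": [("Economic Loss", 6, 32), ("Loss of Autonomy", 5, 19), ("Loss of Trust", 2, 15)],
    "DA3": [("Loss of Trust", 6, 25), ("Dignity Loss", 7, 36), ("Loss of Liberty", 5, 35)],
    "DA4": [("Loss of Trust", 5, 48)],
    "DA5": [("Economic Loss", 6, 37), ("Loss of Autonomy", 5, 20), ("Discrimination", 3, 25),
            ("Loss of Trust", 8, 33), ("Dignity Loss", 4, 40)],
    "DA6": [("Loss of Trust", 5, 22), ("Loss of Autonomy", 5, 32), ("Dignity Loss", 6, 28)],
    "DA7": [("Loss of Autonomy", 8, 43), ("Dignity Loss", 9, 10), ("Economic Loss", 7, 27), ("Loss of Trust", 4, 9)],
    "DA8": [("Loss of Autonomy", 4, 13), ("Dignity Loss", 9, 32), ("Economic Loss", 8, 15), ("Loss of Trust", 6, 9)],
    "DA9": [("Loss of Trust", 3, 39), ("Loss of Liberty", 2, 48)],
    "DA10": [("Loss of Trust", 4, 14), ("Economic Loss", 6, 9), ("Dignity Loss", 3, 17)],
}

def risk_per_data_action(scores):
    """Risk per problem = likelihood * impact; risk per data action = their sum."""
    return {da: sum(lik * imp for _, lik, imp in rows) for da, rows in scores.items()}

def system_risk_table(scores):
    """Rows of (data action, risk, percent of system risk, rank), highest risk first.
    Data actions with equal risk share a rank (assumption: the page does not say)."""
    risks = risk_per_data_action(scores)
    total = sum(risks.values())
    if total == 0:  # every problem scored 0: nothing to prioritize
        return [(da, 0, 0.0, 1) for da in risks]
    ordered = sorted(risks.items(), key=lambda kv: kv[1], reverse=True)
    table, rank = [], 0
    for pos, (da, risk) in enumerate(ordered, start=1):
        if not table or risk != table[-1][1]:
            rank = pos
        table.append((da, risk, round(100 * risk / total, 1), rank))
    return table

def top_outliers(scores, field, n=5):
    """Problems whose likelihood or impact is among the n highest values;
    ties with the n-th value are all kept (assumption)."""
    idx = {"likelihood": 2, "impact": 3}[field]
    rows = [(da, *row) for da, da_rows in scores.items() for row in da_rows]
    if not rows:
        return []
    cutoff = sorted((r[idx] for r in rows), reverse=True)[min(n, len(rows)) - 1]
    return [r for r in rows if r[idx] >= cutoff]

if __name__ == "__main__":
    for row in system_risk_table(SAMPLE):
        print("%-38s risk=%4d  %5.1f%%  rank=%d" % row)
```

The per-data-action totals it produces match the risk figures in the sample table, which is a quick check that the likelihood and impact scores were transcribed consistently.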
of prioritization methods.
munication tool for their
he identified risks.
[Figure: Problem Prioritization Heat Map (Risk Prioritization INPUT). Axes: Likelihood, Impact.]