Presentation on theme: "Privacy By Design Draft Privacy Use Case Template"— Presentation transcript:
1 Privacy By Design Draft Privacy Use Case Template
2 Privacy Template Purpose
  - Standardized format enabling description of a specific Privacy Use Case in which personal information or personally identifiable information is involved and the focus is on software developers
  - Provide an inventory of Privacy Use Case components and the responsible parties that directly affect software development for the Use Case
  - Segment Privacy Use Case components in a manner generally consistent with the OASIS PMRM v1.0 Committee Specification
  - Enable understanding of the relationship of the privacy responsibilities of software developers vis-à-vis other relevant Privacy Use Case stakeholders
  - Bring insights to the privacy aspect when moving through the different stages of the privacy life-cycle
  - May be extended to address predicates for software developers (training, privacy management maturity, etc.)
  - Does not specify an implementer’s SDLC methodology, development practices or in-house data collection, data analysis or modeling tools
  - Overall value as a tool to increase opportunities to achieve Privacy by Design in applications by extracting and making visible required privacy properties
3 Where are the boundaries of software engineers'/developers' responsibilities with respect to other stakeholders for Privacy by Design? The use case template can help answer this question.
4 Privacy Use Case Template
  - Privacy Use Case Title
  - Systems
  - Privacy Controls
  - Functional Services
  - Description
  - Data Subjects
  - Application(s)
  - PI/PII
  - Regulatory and Business Policies
  - Data Flows
  - Touch Points
  - Domains, Owners, Roles
  - Products
5 Foundational Information
  1. Use Case Title and Description
  2. Data subject(s) associated with Use Case (Include any data subjects associated with any of the applications in the use case)
  3. Application(s) associated with Use Case (Relevant applications and products where personal information is communicated, created, processed, stored or deleted and requiring software development)
6 Foundational Information (continued)
  4. PI and PII covered by the Use Case (The PI and PII collected, created, communicated, processed, stored or deleted within privacy domains or systems, applications or products) [Note: per domain, system, application or product depending on level of use case development]
  5. Legal, regulatory and/or business policies governing PI and PII in the Use Case (The policies and regulatory requirements governing privacy conformance within use case domains or systems and links to their sources)
7 Stakeholder Information
  6. Domains, Domain Owners, and Roles associated with Use Case – Definitions:
  - Domains - both physical areas (such as a customer site or home) and logical areas (such as a wide-area network or cloud computing environment) that are subject to the control of a particular domain owner
  - Domain Owners - the Participants responsible for ensuring that privacy controls and functional services are defined or managed in business processes and technical systems within a given domain [Note: This should cover the different views and perspectives of the Use Case by identifying those stakeholders (business person and/or privacy person may have a different perspective)]
  - Roles - the roles and responsibilities assigned to specific Participants and Systems within a specific privacy domain
8 Use Case Development
  7. Data Flows and Touch Points Linking Domains or Systems
  - Touch points - the points of intersection of data flows with privacy domains or systems within privacy domains
  - Data flows - data exchanges carrying PI and privacy policies among domains in the use case
9 Use Case Development
  8. Data Flows and Touch Points Linking Domains or Systems – Example
  - Hudson Motors
  - Communications Division
  - Vehicle Backend Data Operations
  - Vehicle Web Portal
  - Vehicle Communications System
10 Systems under Development
  9. Systems supporting the Use Case applications (System - a collection of components organized to accomplish a specific function or set of functions having a relationship to operational privacy management)
11 Privacy Controls
  10. Privacy controls required for developer implementation
  - Control - a process designed to provide reasonable assurance regarding the achievement of stated objectives [Note: to be developed against specific domain, system, or applications as required by internal governance policies and regulations]
12 Use Case Development
  12. Functional Services Necessary to Support Privacy Controls
  - Service - a collection of related functions and mechanisms that operate for a specified purpose