Published by Gabriela Louden. Modified over 10 years ago.
1
Privacy By Design Draft Privacy Use Case Template
2
Privacy Template Purpose
- Standardized format enabling description of a specific Privacy Use Case in which personal information or personally identifiable information is involved and the focus is on software developers
- Provide an inventory of Privacy Use Case components and the responsible parties that directly affect software development for the Use Case
- Segment Privacy Use Case components in a manner generally consistent with the OASIS PMRM v1.0 Committee Specification
- Enable understanding of the relationship of the privacy responsibilities of software developers vis-à-vis other relevant Privacy Use Case stakeholders
- Bring insights to the privacy aspect when moving through the different stages of the privacy life-cycle
- May be extended to address predicates for software developers (training, privacy management maturity, etc.)
- Does not specify an implementer's SDLC methodology, development practices or in-house data collection, data analysis or modeling tools
- Overall value as a tool to increase opportunities to achieve Privacy by Design in applications by extracting and making visible required privacy properties
3
Where are the boundaries of software engineers'/developers' responsibilities with respect to other stakeholders for Privacy by Design? The use case template can help answer this question.
4
Privacy Use Case Template
[Diagram labels: Privacy Use Case Title; Systems; Privacy Controls; Functional Services; Description; Data Subjects; Application(s); PI/PII; Regulatory and Business Policies; Data Flows; Touch Points; Domains, Owners, Roles; Products]
5
Foundational Information
1. Use Case Title and Description
2. Data subject(s) associated with Use Case (Include any data subjects associated with any of the applications in the use case)
3. Application(s) associated with Use Case (Relevant applications and products where personal information is communicated, created, processed, stored or deleted and requiring software development)
6
Foundational Information (continued)
4. PI and PII covered by the Use Case (The PI and PII collected, created, communicated, processed, stored or deleted within privacy domains or systems, applications or products) [Note: per domain, system, application or product depending on level of use case development]
5. Legal, regulatory and/or business policies governing PI and PII in the Use Case (The policies and regulatory requirements governing privacy conformance within use case domains or systems and links to their sources)
7
Stakeholder Information
6. Domains, Domain Owners, and Roles associated with Use Case – Definitions:
- Domains - both physical areas (such as a customer site or home) and logical areas (such as a wide-area network or cloud computing environment) that are subject to the control of a particular domain owner
- Domain Owners - the Participants responsible for ensuring that privacy controls and functional services are defined or managed in business processes and technical systems within a given domain [Note: This should cover the different views and perspectives of the Use Case by identifying those stakeholders (business person and/or privacy person may have a different perspective)]
- Roles - the roles and responsibilities assigned to specific Participants and Systems within a specific privacy domain
8
7. Data Flows and Touch Points Linking Domains or Systems
Use Case Development
- Touch points - the points of intersection of data flows with privacy domains or systems within privacy domains
- Data flows - data exchanges carrying PI and privacy policies among domains in the use case
9
Use Case Development
8. Data Flows and Touch Points Linking Domains or Systems – Example
[Diagram labels: Hudson Motors Communications Division Vehicle Backend Data Operations Vehicle Web Portal Vehicle Communications System]
10
Systems under Development
9. Systems supporting the Use Case applications (System - a collection of components organized to accomplish a specific function or set of functions having a relationship to operational privacy management)
11
Privacy Controls
10. Privacy controls required for developer implementation
Control - a process designed to provide reasonable assurance regarding the achievement of stated objectives [Note: to be developed against specific domain, system, or applications as required by internal governance policies and regulations]
12
Use Case Development
12. Functional Services Necessary to Support Privacy Controls
Service - a collection of related functions and mechanisms that operate for a specified purpose
13
“Responsibilities” Table
Columns: Stakeholder/Domain Owners; Data Subjects; Applications; PI/PII; Legal/Regulatory Policies; Domains; Data Flows/Touch points; Privacy Controls; Services
Rows: CPO x; IT Architect; Business Analyst; Team Privacy Champion; Senior Developer