Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy By Design Draft Privacy Use Case Template

Similar presentations

Presentation on theme: "Privacy By Design Draft Privacy Use Case Template"— Presentation transcript:

1 Privacy By Design Draft Privacy Use Case Template

2 Privacy Template Purpose
Standardized format enabling description of a specific Privacy Use Case in which personal information or personally identifiable information is involved and the focus is on software developers Provide an inventory of Privacy Use Case components and the responsible parties that directly affect software development for the Use Case Segment Privacy Use Case components in a manner generally consistent with the OASIS PMRM v1.0 Committee Specification Enable understanding of the relationship of the privacy responsibilities of software developers vis-à-vis other relevant Privacy Use Case stakeholders Bring insights to the privacy aspect when moving through the different stages of the privacy life-cycle May be extended to address predicates for software developers (training, privacy management maturity, etc.) Does not specify an implementer’s SDLC methodology, development practices or in-house data collection, data analysis or modeling tools Overall value as a tool to increase opportunities to achieve Privacy by Design in applications by extracting and making visible required privacy properties

3 Where are boundaries of software engineers/developers responsibilities with respect to other stakeholders for Privacy by Design? Use case template can help answer this question.

4 Privacy Use Case Template
Privacy Use Case Title Systems Privacy Controls Functional Services Description Data Subjects Application(s) PI/PII Regulatory and Business Policies Data Flows Touch Points Domains, Owners, Roles Products

5 Foundational Information
Use Case Title and Description Data subject(s) associated with Use Case (Include any data subjects associated with any of the applications in the use case) Application(s) associated with Use Case (Relevant applications and products where personal information is communicated, created, processed, stored or deleted and requiring software development)

6 Foundational Information (continued)
4. PI and PII covered by the Use Case (The PI and PII collected, created, communicated, processed, stored or deleted within privacy domains or systems, applications or products) [Note: per domain, system, application or product depending on level of use case development] 5. Legal, regulatory and /or business policies governing PI and PII in the Use Case (The policies and regulatory requirements governing privacy conformance within use case domains or systems and links to their sources)

7 Stakeholder Information
6. Domains, Domain Owners, and Roles associated with Use Case – Definitions: Domains - both physical areas (such as a customer site or home) and logical areas (such as a wide-area network or cloud computing environment) that are subject to the control of a particular domain owner Domain Owners - the Participants responsible for ensuring that privacy controls and functional services are defined or managed in business processes and technical systems within a given domain [Note: This should cover the different views and perspectives of the Use Case by identifying those stakeholders (business person and/or privacy person may have a different perspective) Roles - the roles and responsibilities assigned to specific Participants and Systems within a specific privacy domain

8 7. Data Flows and Touch Points Linking Domains or Systems
Use Case Development 7. Data Flows and Touch Points Linking Domains or Systems Touch points - the points of intersection of data flows with privacy domains or systems within privacy domains Data flows – data exchanges carrying PI and privacy policies among domains in the use case

9 Use Case Development 8. Data Flows and Touch Points Linking Domains or Systems – Example Hudson Motors Communications Division Vehicle Backend Data Operations Vehicle Web Portal Vehicle Communications System

10 Systems under Development
9. Systems supporting the Use Case applications (System - a collection of components organized to accomplish a specific function or set of functions having a relationship to operational privacy management)

11 Privacy Controls 10. Privacy controls required for developer implementation Control - a process designed to provide reasonable assurance regarding the achievement of stated objectives  [Note: to be developed against specific domain, system, or applications as required by internal governance policies and regulations]

12 Use Case Development 12. Functional Services Necessary to Support Privacy Controls Service - a collection of related functions and mechanisms that operate for a specified purpose  

13 “Responsibilities” Table
Stakeholder/Domain Owners Data Subjects Applications PI/PII Legal/Regulatory Policies Domains Data Flows/Touch points Privacy Controls Services CPO x IT Architect Business Analyst Team Privacy Champion Senior Developer

Download ppt "Privacy By Design Draft Privacy Use Case Template"

Similar presentations

Ads by Google