From Privacy Impact Assessments (PIA) to Information Risk Assessments
- LANGUAGE: English DATE: Tuesday, November 25, 2014 TIME: 4:00pm CET, 10:00am EST, 7:00am PST
Privacy Impact Assessments (PIAs) are already or soon will be a legal requirement in many jurisdictions or sectors (i.e. payment cards sector). They provide a great help for institutions to focus on privacy and data flows and therefore provide an interesting entry point into an overall discussion on Information and identity-related risks. In this webinar, KuppingerCole´s fellow analysts Scott David and Karsten Kinast will discuss with you about PIAs as a natural starting point for a broader and more complete view on digital risks.
Privacy is just one of the risk concerns (albeit an important one) for businesses, governments and other organizations relating to data, information and identity flows. Privacy Impact Assessments (PIA) are a common practice to identify and reduce privacy risks. Therefore it should be very helpful to examine PIAs in the context of the broader range of risk issues arising from the convergence of the digital and analog worlds. This is particularly important since the concepts of potential negative "privacy" impacts and the deployment of resources to address them are typically viewed by large institutions in the context of overall related information-usage risks.
For example, a bank needs to balance privacy with identity veracity to protect accounts, a hospital needs to balance privacy with safety of delivery of care to the correct patient, etc. In either case, other risks are balanced with privacy risks by entities to determine actual actions and behaviors.
KuppingerCole´s Fellow Analysts Dr. Scott David, LL.M and Dr. Karsten Kinast, LL.M will introduce you to the concept of expanding PIAs to a "Risk Impact Assessment" concept, providing a 360 degrees view on digital risk.
As users, devices and application workloads move outside the corporate network, the traditional model of enforcing security at the network perimeter is no longer effective. A Zero Trust model offers an alternative that secures data while ensuring it is accessible to employees, regardless of where they are working. But the path to achieving Zero Trust is unclear for many organizations.