The Missing Link in Privacy Risk Assessments

Tuesday, September 12, 2023 - 3:45 pm–4:00 pm

Jared Maslin, University of California, Berkeley, and Good Research, LLC


Industry frameworks have made significant progress in breaking down the mass of regulatory influences and defining a path forward for businesses seeking to do the right thing in data privacy. However, one critical gap remains unaddressed, which can easily short-circuit the entire privacy lifecycle: risk assessments. No two organizations interpret privacy compliance in exactly the same way. Seeking some semblance of guidance, many turn to industry frameworks like NIST Privacy, ISO Standards, or even SOC 2 privacy criteria, only to find that none fully encompass all of the attributes that make a given business unique. The result is a risk assessment with little prescription, and where there is guidance, a tendency to force a square peg through a round hole – they don't fit. This is a problem that I've been working to address across industry lines, and what I've developed is a contextual, risk-based approach to internal privacy risk identification, prioritization, and remediation. The approach includes specific exploration of user journeys and data lifecycles (including process and infrastructure) across a full spectrum of potential data subjects on a global scale. During this talk, I'll introduce a persona-based approach developed to enable organizations to assess their own unique risk appetite, defining a fit-for-purpose, prioritized risk assessment that can be implemented in a sustainable manner and can successfully adapt to constant changes in global privacy regulation.

Jared Maslin is a Lecturer at the University of California, Berkeley's School of Information where he focuses on Ethics, Privacy, and Data Protection in Data Science. He also serves as the Chief Operating Officer and Director of Privacy Consulting with Good Research, LLC where he partners with industry clients in designing, implementing, and monitoring solutions to emerging privacy preservation and compliance challenges. Jared works at the intersection of strategic business objectives, consumer expectations, and regulatory influences on a global scale with an end goal of creating solutions and supporting processes that are scalable and sustainable to meet the needs of everyone impacted, now and in the distant future.

@conference {290841,
author = {Jared Maslin},
title = {The Missing Link in Privacy Risk Assessments},
year = {2023},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = sep
}
