O3.19 Develop privacy requirements and select mitigation strategies

Principle

O3: Ensure data privacy by design

Risk

RS2 Digital insecurity, RS1 Privacy vulnerability

Life Cycle Stage

L2: Strategy & Design

Practice

• Create a data flow diagram to map the system's entities and processes, identify privacy threats using established categories, and assess risks.

• Use established categories such as those from LINDDUN or other privacy threat modeling frameworks to systematically identify where privacy risks may arise within your system.

• Regularly revisit and refine your privacy requirements and mitigation strategies to ensure they remain effective.

Resources

References

LINDDUN (N/d). A Framework for Privacy Threat Modelling. https://linddun.org/