
Privacy By Design Draft Privacy Use Case Template


adia

Presentation Transcript


  1. Privacy By Design: Draft Privacy Use Case Template

  2. Privacy Template Purpose
     • Standardized format enabling description of a specific Privacy Use Case in which personal information or personally identifiable information is involved and the focus is on software developers
     • Provide an inventory of Privacy Use Case components and the responsible parties that directly affect software development for the Use Case
     • Segment Privacy Use Case components in a manner generally consistent with the OASIS PMRM v1.0 Committee Specification
     • Enable understanding of the relationship of the privacy responsibilities of software developers vis-à-vis other relevant Privacy Use Case stakeholders
     • Bring insights to the privacy aspect when moving through the different stages of the privacy life-cycle
     • May be extended to address predicates for software developers (training, privacy management maturity, etc.)
     • Does not specify an implementer’s SDLC methodology, development practices or in-house data collection, data analysis or modeling tools
     • Overall value as a tool to increase opportunities to achieve Privacy by Design in applications by extracting and making visible required privacy properties

  3. Where are the boundaries of software engineers'/developers' responsibilities with respect to other stakeholders for Privacy by Design? The use case template can help answer this question.

  4. Privacy Use Case Template

  5. Foundational Information
     1. Use Case Title and Description
     2. Data subject(s) associated with Use Case (Include any data subjects associated with any of the applications in the use case)
     3. Application(s) associated with Use Case (Relevant applications and products where personal information is communicated, created, processed, stored or deleted and requiring software development)

  6. Foundational Information (continued)
     4. PI and PII covered by the Use Case (The PI and PII collected, created, communicated, processed, stored or deleted within privacy domains or systems, applications or products) [Note: per domain, system, application or product depending on level of use case development]
     5. Legal, regulatory and/or business policies governing PI and PII in the Use Case (The policies and regulatory requirements governing privacy conformance within use case domains or systems and links to their sources)

  7. Stakeholder Information
     6. Domains, Domain Owners, and Roles associated with Use Case – Definitions:
     • Domains - both physical areas (such as a customer site or home) and logical areas (such as a wide-area network or cloud computing environment) that are subject to the control of a particular domain owner
     • Domain Owners - the Participants responsible for ensuring that privacy controls and functional services are defined or managed in business processes and technical systems within a given domain [Note: This should cover the different views and perspectives of the Use Case by identifying those stakeholders (business person and/or privacy person may have a different perspective)]
     • Roles - the roles and responsibilities assigned to specific Participants and Systems within a specific privacy domain

  8. Use Case Development
     7. Data Flows and Touch Points Linking Domains or Systems
     • Touch points - the points of intersection of data flows with privacy domains or systems within privacy domains
     • Data flows - data exchanges carrying PI and privacy policies among domains in the use case

  9. Use Case Development
     8. Data Flows and Touch Points Linking Domains or Systems – Example

  10. Systems under Development
     9. Systems supporting the Use Case applications (System - a collection of components organized to accomplish a specific function or set of functions having a relationship to operational privacy management)

  11. Privacy Controls
     10. Privacy controls required for developer implementation
     • Control - a process designed to provide reasonable assurance regarding the achievement of stated objectives [Note: to be developed against specific domain, system, or applications as required by internal governance policies and regulations]

  12. Use Case Development
     12. Functional Services Necessary to Support Privacy Controls
     • Service - a collection of related functions and mechanisms that operate for a specified purpose

  13. “Responsibilities” Table
