P1 High Privacy Risk
P2 Moderate Privacy Risk
P3 Low Privacy Risk
A privacy impact assessment (PIA) is a tool for identifying and assessing privacy risks throughout the development life cycle of a program or system.
A privacy impact assessment states what personally identifiable information (Personally identifiable information (PII) is any data that could potentially identify a specific individual) is collected and explains how that information is maintained, how it will be protected and how it will be shared.
A Privacy Impact Rating indicates the sensitivity level of the data that will be processed or accessible. Some software vendors incorporate the following Privacy Impact Ratings in their software development assessment processes: • P1 High Privacy Risk: The feature, product, or service stores or transfers Personally Identifiable Information (PII); monitors the user with an ongoing transfer of anonymous data; changes settings or file type associations; or installs software. • P2 Moderate Privacy Risk: The sole behavior that affects privacy in the feature, product, or service is a one-time, user-initiated anonymous data transfer (e.g., the user clicks on a link and goes out to a web site). • P3 Low Privacy Risk: No behaviors exist within the feature, product, or services that affect privacy. No anonymous or personal data is transferred, no PII is stored on the machine, no settings are changed on the user’s behalf, and no software is installed.
||
No comments:
Post a Comment
You will get Reply with in 24 hours