Distinction between "De-identification" and "Privacy Risk Management"
prasser opened this issue · 2 comments
Thanks for this great initiative!
I would suggest to either merge the categories "de-identification" and "privacy risk management" or to more clearly describe the differences. De-identification is a privacy risk management process and many tools that support de-identification also support "risk models, risk assessment methodologies, and approaches to determining privacy risk factors". As an alternative: is it OK, if the same tool is added to both categories?
Best regards
Fabian
Hi Fabian,
Thanks for your contribution, and for sharing this feedback!
We've opted to revise our Focus Areas in an effort to clarify the differences. We welcome your suggestions on additional edits, if you have feedback.
Most significantly, we changed the "Privacy Risk Management" Focus Area to be more tightly scoped, renamed to "Privacy Risk Assessment". The Privacy Risk Assessment Focus Area is now described as: "a process that helps organizations to analyze and assess privacy risks for individuals arising from the processing of their data. This focus area includes, but is not limited to, risk models, risk assessment methodologies, and approaches to determining privacy risk factors". We also made edits to the "De-identification" Focus Area; it is now described as: "a technique or process applied to a dataset with the goal of preventing or limiting certain types of privacy risks to individuals, protected groups, and establishments, while still allowing for the production of aggregate statistics. This focus area includes a broad scope of de-identification to allow for noise-introducing techniques such as differential privacy, data masking, and the creation of synthetic datasets that are based on privacy-preserving models".
We're using the Focus Areas to categorize by the topic area that most strongly represents the contribution, so at this time, we're listing contributions under only one of them. We recognize that there is likely to be some overlap, so in the description of the contribution, you are welcome to describe in more detail the relationship of the contribution to the other Focus Area.
We would agree that your tool relates to both, but tend to think it is best represented by De-identification. That said, please let us know if you'd like to change categories or make any edits to your contribution!
Best,
Katie
Dear Katie,
that makes a lot of sense and with these clarifications ARX is assigned to the right category! I will create a PR describing the contributions to the other focus area when I find the time to do so.
Closing this. Thanks!
Fabian