Deficiencies in Traditional Risk Analysis
Traditional approaches to privacy risk are often flawed. They tend to be myopic, use confusing terminology, and lack quantitative rigor, making it difficult to make effective, cost-conscious decisions. This section breaks down these three fundamental problems.
Organizational Myopia
Focus is limited to organizational risks like legal fines, ignoring potential social backlash from new technologies and failing to account for harm to individuals.
Terminology Confusion
The absence of a control (e.g., encryption) is often mislabeled as a "risk," when it's actually a vulnerability or threat. This leads to imprecise analysis.
Example: Unencrypted data is a vulnerability that a threat, such as a hacker, exploits.
Qualitative Nature
Framing risk as "low, medium, high" is ambiguous and hinders cost-benefit analysis of controls. A quantitative approach is needed for sound decision-making.
The Quantitative FAIR Model Explorer
This model shifts the focus to individuals and quantifies risk, which it defines as the product of Threat Frequency and Harm Magnitude. The components below deconstruct the framework and show how each factor is defined.
Privacy Risk: Frequency & Magnitude of Harms
Threat Frequency: How often threats occur
Harm Magnitude: Severity & Consequences
Privacy Risk
The overall risk, defined as the frequency of privacy threats and the magnitude of harms for the at-risk population.
Threat Frequency
The frequency (e.g., events per year) that threat actors' actions adversely impact individuals.
Composed of Attempt Frequency and Vulnerability.
Attempt Frequency
How often threat actors attempt a threatening act. This is a function of their Opportunity (how often they can interact) and their Motivation (the probability they will seize the opportunity).
Vulnerability
The probability that a threat actor's attempt will succeed. This depends on the actor's Capability (their skills/resources) and the Difficulty they must overcome (controls put in place).
Harm Magnitude
The probable magnitude of harm that will result from a threat event.
Composed of Severity and Adverse Consequence Risk.
Severity (The ABC Test)
The degree to which an activity violates social norms. An activity is less likely to be a harm based on the level of Awareness, Benefit to the individual, and Consent.
Adverse Consequence Risk
The frequency and magnitude of tangible consequences (e.g., psychological, financial, or physical harm) that result from the privacy harm.
Interactive Scenario: The ABC Test
See how Severity changes based on context. Imagine an employer asks a job candidate about their salary history. Is it a privacy harm?
Calculated Severity
With low awareness, unclear benefit, and coerced consent, asking for salary history is a severe violation of social norms and likely constitutes a privacy harm.
Key Takeaways for Students
This framework provides a new lens for evaluating privacy. Here are the five most important principles to remember from this modern approach to privacy risk analysis.
Shift the Focus
Move beyond legal compliance to assess actual harm to the individual, considering social norms and tangible consequences.
Use Precise Language
Differentiate clearly between Controls, Vulnerabilities, Threats, and Risks to ensure your analysis is accurate.
Understand the FAIR Framework
Recognize that overall Privacy Risk is a function of Frequency and Magnitude.
Apply the ABC Test
Use Awareness, Benefit, and Consent as a practical test to determine the ethical severity of an activity.
Be Quantitative
Express risk in ranges and distributions, not ambiguous High/Medium/Low labels, to enable better decision-making.
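The decomposition above, carried through with ranges instead of High/Medium/Low labels and used to compare a scenario before and after a control is added. This is an added example, not part of the original page. The page names the factors but not how they combine below the top-level product, so the multiplications for Attempt Frequency, Threat Frequency and Harm Magnitude, the averaging in `abc_severity`, the triangular distributions, and every input value are assumptions made for illustration.

```python
import random

def abc_severity(awareness, benefit, consent):
    # Assumption: severity in [0, 1] is the average shortfall of the three
    # ABC factors, each scored from 0 (absent) to 1 (fully present).
    return 1.0 - (awareness + benefit + consent) / 3.0

def simulate(inputs, trials=20000, seed=7):
    """Monte Carlo over (low, mode, high) ranges; returns annual-harm percentiles."""
    rng = random.Random(seed)
    draw = lambda key: rng.triangular(inputs[key][0], inputs[key][2], inputs[key][1])
    annual_harm = []
    for _ in range(trials):
        # Attempt Frequency = Opportunity x Motivation (assumed combination)
        attempt_frequency = draw("opportunity_per_year") * draw("motivation")
        # Threat Frequency = Attempt Frequency x Vulnerability (assumed combination)
        threat_frequency = attempt_frequency * draw("vulnerability")
        # Harm Magnitude = Severity x consequence per event (assumed combination)
        harm_magnitude = inputs["severity"] * draw("consequence_per_event")
        # Privacy Risk = Threat Frequency x Harm Magnitude (as the page defines it)
        annual_harm.append(threat_frequency * harm_magnitude)
    annual_harm.sort()
    pick = lambda q: annual_harm[int(q * (trials - 1))]
    return {"p10": pick(0.10), "median": pick(0.50), "p90": pick(0.90)}

# Constructed inputs for one threat scenario; harm is in arbitrary "harm units".
BASELINE = {
    "opportunity_per_year": (50, 120, 300),   # interactions per year
    "motivation": (0.01, 0.05, 0.15),         # P(actor seizes an opportunity)
    "vulnerability": (0.50, 0.70, 0.90),      # P(attempt succeeds), weak control
    "consequence_per_event": (1, 4, 20),      # tangible consequences per event
    # Low awareness, unclear benefit, coerced consent, as in the salary scenario
    "severity": abc_severity(awareness=0.2, benefit=0.1, consent=0.0),
}
# Same scenario after a control raises Difficulty, lowering Vulnerability.
WITH_CONTROL = dict(BASELINE, vulnerability=(0.05, 0.15, 0.30))

def risk_reduction():
    """Annual-harm reduction bought by the control, per percentile."""
    before, after = simulate(BASELINE), simulate(WITH_CONTROL)
    return {k: before[k] - after[k] for k in before}

if __name__ == "__main__":
    print("baseline    ", simulate(BASELINE))
    print("with control", simulate(WITH_CONTROL))
    print("reduction   ", risk_reduction())
```

Comparing the reduction at each percentile against the cost of the control is the cost-benefit step that qualitative labels cannot support.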