Mitigating Privacy Risks

This guide explores the integration of the Factor Analysis of Information Risk (FAIR) model with the Hoepman Privacy Design strategies to effectively mitigate privacy risks. The core principle is that risk factors identified by FAIR can be systematically targeted and reduced by applying specific design strategies. This interactive tool will help you understand these relationships and how to apply them.

The Core Mapping: FAIR to Hoepman

Click on a FAIR risk factor below to see which Hoepman strategies are most effective at mitigating it. The chart and cards will update to visualize and explain the relationship.

The chart visualizes how strongly the selected FAIR factor is influenced by each Hoepman strategy.

Systematic Application

Understanding the roles different actors play in a system is key to placing controls effectively. Privacy strategies can be applied by intermediaries to protect individuals or enforced by regulators to ensure compliance.

The Intermediary Advantage

An intermediary (Actor 2) sits between a threat actor (Actor 1) and an individual. This unique position allows the intermediary to implement controls that the threat actor cannot bypass.

[Diagram: Threat (Actor 1) -> Intermediary (Actor 2, applies controls) -> Individual]

Effective controls for intermediaries include: Minimize, Separate, Hide, Abstract, Inform, and Control.

Leveraging Relationships for Enforcement

When one actor, like a government regulator, has control over another (e.g., a company), they can supervise conduct through legal and contractual means.

[Diagram: Regulator -> Company (must comply)]

The primary strategies used by controlling actors are: Enforce (policies, laws) and Demonstrate (audits, compliance reports).

Risk Tolerance Assessment Tool

Mitigation rarely reduces risk to zero. Use this tool to reflect on the questions professionals must ask to determine if the remaining (residual) risk is acceptable within their organization's risk tolerance.