
Privacy Impact Assessments (PIAs)

A new way to strengthen data protection in Europe?

One-day expert symposium marks the end of the Privacy Impact Assessment Guideline project

In the "Commission Recommendation on the implementation of privacy and data protection principles in applications supported by radio-frequency identification" from 12 May 2009, the European Commission advised operators of RFID systems to carry out privacy impact assessments (PIAs) on these systems.

Within the PIA Guideline project, the Federal Office for Information Security sought to incorporate the security methodology of BSI Technical Guideline TR-03126 (also referred to as TR RFID) as part of a standard approach to performing PIAs. The guideline produced in the project is thus meant to provide German industrial companies with an efficient means of following the recommendation on conducting privacy impact assessments based on BSI TR-03126. At the same time, the aim is to promote the secure use of RFID technology.

The guide developed by the Federal Office for Information Security in cooperation with the Vienna University of Economics and Business (WU) on the practical implementation of the PIA Framework (which was created by members of industry and co-regulated by the European Commission) was presented at a one-day expert symposium entitled "Privacy Impact Assessments (PIAs) -- A New Way to Strengthen Data Protection in Europe?"

Held at the Austrian Embassy in Berlin on 25 November 2011, this public event marked the end of the PIA Guideline project.

Privacy Impact Assessment Guideline for RFID Applications

Privacy Impact Assessment Guideline (short version)

Programme and Presentations

Time  Topic
08:30 -- 09:00  Registration
09:00 -- 09:30  Welcome address and introduction to subject matter
Dr Ralph Scheide, Austria's Ambassador to Germany
Michael Hange, President of the Federal Office for Information Security (BSI)
Prof Dr Sarah Spiekermann, Head of the Institute for Management Information Systems, Vienna University of Economics and Business (WU)
Part 1: Are PIAs the right way forward in the context of European law?
Time  Topic
09:30 -- 10:00  Peter Schaar, German Federal Commissioner for Data Protection and Freedom of Information
On the future of PIAs in relation to the supervision of data protection: How can PIAs be implemented in a practical manner and incorporated into everyday routines? In what form should PIAs be made obligatory? Would the affected companies and supervisory authorities be able to expend the amount of effort required?
10:00 -- 10:30  Peter Hustinx, European Data Protection Supervisor
On the role PIAs could play in Europe's future data-protection efforts and the revision of the EU's Data Protection Directive
10:30 -- 11:00  01 -- Bernd Kowalski, Department President at the Federal Office for Information Security (BSI)
Security Assessments and Security by Design: Experiences of the effects of risk assessment procedures on the development of technologies
11:00 -- 11:30  Coffee break
Part 2: Introduction to the PIA Framework for RFID, its origins, and related expectations
Time  Topic
11:30 -- 12:00  02 -- Dr Gerald Santucci, Head of DG INFSO, European Commission
Presentation of the PIA Framework for RFID and the history of its development
12:00 -- 12:30  03 -- Prof Dr Udo Helmbrecht, Executive Director of ENISA
How ENISA will evaluate the success of RFID PIA implementations and how ENISA views the PIA approach overall
12:30 -- 13:30  Lunch break
Part 3: Presentation of the BSI guide to implementing the PIA Framework for RFID
Time  Topic
13:30 -- 14:30  04 -- Harald Kelter, Project Lead at BSI, and Marie Oetzel, Scientist at the Vienna University of Economics and Business (WU)
Introduction to the BSI PIA Guideline: Methodological interpretation and implementation of the PIA Framework for RFID
14:30 -- 15:00  05 -- Christian von Grone, CIO, Gerry Weber International AG
Experiences from the practical application of the BSI PIA Guideline in the textile industry
15:00 -- 15:20  Coffee break
Part 4: Experiences in PIAs from the realms of industry and e-government
Time  Topic
15:20 -- 15:40  06 -- Prof Dr Posch, CIO, Republic of Austria
Security risk assessments for e-government: Methods and preventive measures
15:40 -- 16:00  07 -- David Wright, internationally recognised expert and advisor on privacy impact assessments
International experiences in implementing PIAs and in industry engagement
16:00 -- 16:20  08 -- Heinz Paul Bonn, Vice President, Bundesverband Informationswirtschaft, Telekommunikation und neue Medien e.V. (BITKOM)
PIAs: Prospects and opportunities for industry
16:20 -- 17:00  09 -- Wolf-Rüdiger Hansen, Managing Director, AIM-Deutschland e.V.
Initial experiences with the introduction of PIAs in the Auto-ID industry
17:00 -- 17:15  Short break
17:15 -- 18:15  Podium
Christian von Grone, Prof Dr Posch, Peter Schaar, Peter Hustinx, Prof Helmbrecht
Moderator: Prof Dr Sarah Spiekermann
Are risk assessment procedures the right tools for taking on the challenges of data protection and data security in virtual environments?