This is a stub.
TODO:
- Transparency: legal vs. IT definition
- Unlinkability vs. purpose binding: legal vs. academic definition
- Anonymity vs. pseudonymity (the two are often confused in privacy policies and public statements)
- All data-protection-relevant aspects that concern the end user must be designed to be secure from the start
- All options for ensuring data-protective behavior have to be preconfigured so that a user cannot accidentally lose personal information
- Data access takes place in line with the data economy (data minimization) principle
- Data that is not needed immediately may not be collected
- Passing data to third parties requires an opt-in from the user
- Opt-in means that the user must explicitly confirm any data transfer beyond the scope of the application
TODO: Entries marked with (CC) were taken from the Common Criteria Protection Profile for Mobile Device Fundamentals (PDF).
- Eavesdropping (CC)
- Network Attack (CC)
- Physical Access (CC)
- Malicious / Flawed Application (CC)
- Persistent Presence (CC)
- Insider Attacks
- Rogue Employee
- Accidental Misconfiguration
- Ideally, the risks should be reassessed after each development phase.
Confidentiality
Integrity
Availability
TODO: Explain the differences between the classical (IT security) and the legal perspectives on CIA again? They are explained in the SDM (Standard Data Protection Model).
Data Minimization
Availability
Integrity
Confidentiality
Unlinkability
Transparency
M. Hansen, "Top 10 Mistakes in System Design from a Privacy Perspective and Privacy Protection Goals", in: Privacy and Identity Management for Life