MARKET - Economics - Privacy - Privacy Metrics
The recent development of privacy metrics – metrics that quantitatively capture privacy-related aspects in a firm – challenge the general assumption among legal scholars that privacy and privacy measures are not quantifiable. The drive for quantitative measures is partially due to the increased pressure of data protection officers in firms to justify their budgets, but also due to the need for a measurement of effectiveness of specific measures. Within the research field privacy metrics are a methodological advancement.The main goal of quantification is to make privacy (aspects) in firms measurable and comparable. Quantification also allows inter-temporal comparisons and trend analysis.
Privacy metrics are related to two main areas:
- Key performance indicators used by firms or by policy makers; and
- Algorithms that are related to the sensitivity of data in a given set
This section discusses privacy metrics as performance indicator in a “return on investment” context. The selection of relevant metrics must be based upon the strategic goal of the firm (such as effectiveness measurement).
There are by now a number of examples of key performance indicators to capture of privacy-relevant matters, i.e. number of data security incidences, the number of privacy impact assessments conducted in a company, the number of lost or stolen records, etc. Two examples are the privacy risk exposure as well as the return on privacy investment indicator (see also Jentzsch 2015).
Privacy Risk Exposure: Privacy risk exposure can be best described as potential loss resulting from the compromising of personal data sets held by a firm. This indicator is often the outcome of a Privacy Impact Assessment. Important is the probability with which a data breach can occur (based upon past experience in the firm or in similar firms). The input of such a calculation is often not more than informed guessing; therefore the indicator is more qualitative than quantitative in nature.
Return on Privacy Investment: This indicator consists of the return of avoided potential losses because of data breaches, Annual Loss Expectancy (ALE), where ALE = single loss expectancy (SLE) * Annual Rate of Occurrence (ARO), see below. SLE describes potential losses, ARO the frequencies of such losses. Red, in the formula below, denotes the reduction in frequencies of breaches occurring (say from 10 cases 8 can be avoided, 0.8). Finally, cost of measure indicates the costs for the implementation of the protective measure. Thus,
If the outcome is greater than 1, the protective measure can be regarded as cost efficient by the investor. Again, the inputs into this formula are rather indicative and often subject to informed guesswork. Most of the outputs in privacy metrics are subject to this problem. Therefore, the outcome of this calculation should be accompanied by a confidence estimate regarding the quality of the outcome.
Further IPACSO Reading
Jentzsch, N. (2015) State-of-the-Art of the Economics of Cyber-Security and Privacy, IPACSO - Innovation Framework for ICT Security Deliverable 4.1. (download)