{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,23]],"date-time":"2025-12-23T05:03:29Z","timestamp":1766466209956},"publisher-location":"Cham","reference-count":45,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319314556"},{"type":"electronic","value":"9783319314563"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-31456-3_4","type":"book-chapter","created":{"date-parts":[[2016,3,9]],"date-time":"2016-03-09T13:16:18Z","timestamp":1457529378000},"page":"60-92","source":"Crossref","is-referenced-by-count":11,"title":["A Data Protection Impact Assessment Methodology for Cloud"],"prefix":"10.1007","author":[{"given":"Rehab","family":"Alnemr","sequence":"first","affiliation":[]},{"given":"Erdal","family":"Cayirci","sequence":"additional","affiliation":[]},{"given":"Lorenzo Dalla","family":"Corte","sequence":"additional","affiliation":[]},{"given":"Alexandr","family":"Garaga","sequence":"additional","affiliation":[]},{"given":"Ronald","family":"Leenes","sequence":"additional","affiliation":[]},{"given":"Rodney","family":"Mhungu","sequence":"additional","affiliation":[]},{"given":"Siani","family":"Pearson","sequence":"additional","affiliation":[]},{"given":"Chris","family":"Reed","sequence":"additional","affiliation":[]},{"given":"Anderson Santana","family":"de Oliveira","sequence":"additional","affiliation":[]},{"given":"Dimitra","family":"Stefanatou","sequence":"additional","affiliation":[]},{"given":"Katerina","family":"Tetrimida","sequence":"additional","affiliation":[]},{"given":"Asma","family":"Vranaki","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,3,10]]},"reference":[{"key":"4_CR1","unstructured":"Article 29 Data Protection Working Party: Statement on the role of a risk-based approach in data protection legal frameworks (WP218), May (2014). \n                      http:\/\/ec.europa.eu\/justice\/data-protection\/article-29\/documentation\/opinion-recommendation\/files\/2014\/wp218_en.pdf"},{"key":"4_CR2","unstructured":"Australian Government, Office of the Australian Information Commissioner: Privacy Impact Assessment Guide (OAIC) (2010)"},{"key":"4_CR3","unstructured":"Avepoint: Avepoint Privacy Impact Assessment (APIA) System (2015). \n                      https:\/\/privacyassociation.org\/resources\/apia"},{"key":"4_CR4","volume-title":"The Governance of Privacy: Policy Instruments in Global Perspective","author":"CJ Bennett","year":"2006","unstructured":"Bennett, C.J., Raab, C.D.: The Governance of Privacy: Policy Instruments in Global Perspective. MIT Press, Cambridge (2006)"},{"key":"4_CR5","unstructured":"CambridgeSoft: ChemBioOffice Cloud\u2013An Integrated Decision Support System for CHDI (2010). \n                      http:\/\/chembionews.cambridgesoft.com\/WhitePapers\/Default.aspx?whitePaperID=43"},{"key":"4_CR6","doi-asserted-by":"crossref","unstructured":"Cayirci, E., Garaga, A., Santana de Oliveira, A., Roudier, Y.: A cloud adoption risk assessment model. utility and cloud computing (UCC). In: 2014 IEEE\/ACM 7th International Conference, pp. 908\u2013913 (2014)","DOI":"10.1109\/UCC.2014.148"},{"key":"4_CR7","unstructured":"Centre for Information Policy Leadership (CIPL): A Risk-based Approach to Privacy: Improving Effectiveness in Practice (2014). \n                      http:\/\/www.hunton.com\/files\/upload\/Post-Paris_Risk_Paper_June_2014.pdf"},{"issue":"2","key":"4_CR8","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1016\/j.clsr.2009.02.002","volume":"25","author":"R Clarke","year":"2009","unstructured":"Clarke, R.: Privacy impact assessment: its origins and development. Comput. Law Secur. Rev. 25(2), 123\u2013135 (2009)","journal-title":"Comput. Law Secur. Rev."},{"key":"4_CR9","unstructured":"Cloud Security Alliance (CSA): Security guidance for critical areas of focus in cloud computing, v3.0 (2011). \n                      http:\/\/www.cloudsecurityalliance.org\/guidance\/"},{"key":"4_CR10","unstructured":"Cloud Security Alliance (CSA): The notorious nine: Cloud computing top threats in 2013, v.1.0 (2013). \n                      http:\/\/cloudsecurityalliance.org\/research\/top-threats\/"},{"key":"4_CR11","unstructured":"Commission Nationale de L\u2019informatique et des Libert\u00e9s (CNIL): Recommendations for Companies Planning to Use Cloud Computing Services (2012). \n                      http:\/\/www.cnil.fr\/fileadmin\/documents\/en\/Recommendations_for_companies_planning_to_use_Cloud_computing_services.pdf"},{"key":"4_CR12","unstructured":"Commission Nationale de L\u2019informatique et des Libert\u00e9s (CNIL): Methodology for Privacy Risk Management (2012)"},{"key":"4_CR13","unstructured":"COM 11 final 2012\/0011 (COD) European Commission: Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). Brussels, 25.1.2012 p. 1. (2012)"},{"key":"4_CR14","unstructured":"Directive 95\/46\/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data OJ L281\/31 (DPD) (1995)"},{"key":"4_CR15","series-title":"Law, Governance and Technology Series","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-94-007-2543-0_2","volume-title":"Privacy Impact Assessment","author":"P Hert De","year":"2012","unstructured":"De Hert, P.: A human rights perspective on privacy and data protection impact assessment. In: Wright, D., De Hert, P. (eds.) Privacy Impact Assessment. Law, Governance and Technology Series, vol. 6, pp. 33\u201376. Springer, Netherlands (2012)"},{"key":"4_CR16","unstructured":"European Union Agency for Network and Information Security - European Network and Information Security Agency. Cloud Computing - Benefits, risks and recommendations for information security (2009)"},{"key":"4_CR17","unstructured":"European Network and Information Security Agency: Cloud Security Incident Reporting: Framework for reporting about major cloud security incidents, ENISA (2013)"},{"key":"4_CR18","doi-asserted-by":"crossref","unstructured":"Felici, M., Pearson, S.: Accountability, risk, and trust in cloud services: towards an accountability-based approach to risk and trust governance. In: IEEE Proceedings of SERVICES, pp. 105\u2013112 (2014)","DOI":"10.1109\/SERVICES.2014.29"},{"key":"4_CR19","unstructured":"Garaga, A., Santana de Oliveira, A., Cayirci, E., Dalla Corte, L., Leenes, R., Mhungu, R., Stefanatou, D., Tetrimida, K., Alnemr, R., Felici, M., Pearson, S., Vranaki, A.: D:C-6.2 Prototype for the data protection impact assessment tool. A4Cloud Deliverable D36.2 (2014). \n                      http:\/\/www.a4cloud.eu\/sites\/default\/files\/D36.2%20Prototype%20for%20the%20data%20protection%20impact%20assessment%20tool.pdf"},{"key":"4_CR20","unstructured":"Harbird, R., Ahmed, M., Finkelstein, A., McKinney, E., Burroughs, A.: Privacy Impact Assessment with PRAIS (2007). \n                      http:\/\/www.cs.ucl.ac.uk\/staff\/A.Finkelstein\/papers\/hotpets.pdf"},{"issue":"1","key":"4_CR21","doi-asserted-by":"crossref","first-page":"10","DOI":"10.1145\/1656274.1656278","volume":"11","author":"Mark Hall","year":"2009","unstructured":"Hall, M. et al.: The WEKA Data Mining Software: An Update; SIGKDD Explorations, vol. 11, no. (2009)","journal-title":"ACM SIGKDD Explorations Newsletter"},{"key":"4_CR22","unstructured":"Information Commissioner\u2019s Office: Privacy Impact Assessment Handbook (2011). \n                      http:\/\/ico.org.uk\/pia_handbook_html_v2\/files\/PIAhandbookV2.pdf"},{"key":"4_CR23","unstructured":"Information Commissioner\u2019s Office: Conducting privacy impact assessments code of practice (2014). \n                      https:\/\/ico.org.uk\/media\/for-organisations\/documents\/1595\/pia-code-of-practice.pdf"},{"key":"4_CR24","unstructured":"Information Commissioner\u2019s Office: Guidance for Companies on the Use of Cloud Computing, v1.1 (2012). \n                      http:\/\/ico.org.uk\/for_organisations\/data_protection\/topic_guides\/online\/cloud_computing"},{"key":"4_CR25","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-145","volume-title":"The NIST Definition of Cloud Computing","author":"P Mell","year":"2011","unstructured":"Mell, P., Grance, T.: The NIST Definition of Cloud Computing. NIST Special Publication 800, Washington (2011)"},{"volume-title":"Cloud Computing Law","year":"2013","key":"4_CR26","unstructured":"Millard, C.J. (ed.): Cloud Computing Law. Oxford University Press, Oxford (2013)"},{"key":"4_CR27","unstructured":"National Institute of Standards and Technology NIST: Guidelines on Security and Privacy in Public Cloud Computing, SP 800-144 (2011). \n                      http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-144\/SP800-144.pdf"},{"key":"4_CR28","unstructured":"NOREA: Privacy Impact Assessment: Introductie, handreiking en vragenlijst. beroepsorganisatie van IT-auditors (2013). \n                      http:\/\/www.norea.nl\/readfile.aspx?ContentID=36650&ObjectID=343968&Type=1&File=0000040117_NOREA%20A4%20Privacy%20Impact%20Assessment%2003%20WEB.pdf"},{"key":"4_CR29","unstructured":"Organisation for Economic Co-operation and Development OECD: Guidelines Concerning the Protection of Privacy and Transborder Flows of Personal Data (2013). \n                      http:\/\/www.oecd.org\/sti\/ieconomy\/2013-oecd-privacy-guidelines.pdf"},{"key":"4_CR30","unstructured":"Office of the Privacy Commissioner of Canada: Securing Personal Information: A Self-Assessment Tool for Organisations (2011). \n                      http:\/\/www.priv.gc.ca\/resource\/tool-outil\/security-securite\/english\/AssessRisks.asp?x=1"},{"key":"4_CR31","unstructured":"Pearson, S: Simple Mode: Addressing Knowledge Engineering Complexity in a Privacy Expert System, HP Labs External Technical Report, HPL-2010-75, June (2010). \n                      http:\/\/www.hpl.hp.com\/techreports\/2010\/HPL-2010-75.html"},{"key":"4_CR32","doi-asserted-by":"publisher","first-page":"1496","DOI":"10.4018\/978-1-4666-2455-9.ch078","volume-title":"Data Mining","author":"Siani Pearson","year":"2013","unstructured":"Pearson, S., Sander, T.: A decision support system for privacy compliance. In: Data Mining: Concepts, Methodologies, Tools, and Applications, pp. 1496\u20131518. Information Science Reference, Hershey (2013). doi:\n                      10.4018\/978-1-4666-2455-9.ch078"},{"key":"4_CR33","doi-asserted-by":"crossref","unstructured":"Pearson, S., Rao, P., Sander, T., Parry, A., Paull, A., Patruni, S., Dandamudi-Ratnakar, V., Sharma, P.: Scalable, accountable privacy management for large organizations. In: Enterprise Distributed Object Computing Conference Workshops, EDOCW 2009, vol. 13, pp. 168\u2013175 (2009)","DOI":"10.1109\/EDOCW.2009.5331996"},{"issue":"1","key":"4_CR34","first-page":"106","volume":"1","author":"T Sander","year":"2010","unstructured":"Sander, T., Pearson, S.: Decision support for selection of cloud service providers. Int. J. Comput. (JoC) GTSF 1(1), 106\u2013113 (2010)","journal-title":"Int. J. Comput. (JoC) GTSF"},{"key":"4_CR35","unstructured":"SEC 72 final, Commission Staff Working Paper: Impact Assessment Accompanying the document Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) and Directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data. Brussels, 25.1.2012, p. 81 (2012). \n                      http:\/\/ec.europa.eu\/justice\/data-protection\/document\/review2012\/sec_2012_72_en.pdf"},{"issue":"4","key":"4_CR36","doi-asserted-by":"crossref","first-page":"392","DOI":"10.1016\/j.clsr.2010.05.005","volume":"26","author":"D Svantesson","year":"2010","unstructured":"Svantesson, D., Clarke, R.: Privacy and consumer risks in cloud computing. Comput. Law Secur. Rev. 26(4), 392 (2010)","journal-title":"Comput. Law Secur. Rev."},{"key":"4_CR37","doi-asserted-by":"publisher","first-page":"477","DOI":"10.2307\/40041279","volume":"154","author":"DJ Solove","year":"2006","unstructured":"Solove, D.J.: A taxonomy of privacy. Univ. PA Law Rev. 154, 477 (2006)","journal-title":"Univ. PA Law Rev."},{"key":"4_CR38","unstructured":"Tancock, D., Pearson S., Charlesworth. A.: The emergence of privacy impact assessments (2010). \n                      http:\/\/www.hpl.hp.com\/techreports\/2010\/HPL-2010-63.pdf"},{"key":"4_CR39","doi-asserted-by":"crossref","unstructured":"Tancock, D., Pearson, S., Charlesworth, A.: Analysis of privacy impact assessments within major jurisdictions. In: Proceedings of PST 2010, pp. 118\u2013125. IEEE, Ottawa (2010)","DOI":"10.1109\/PST.2010.5593260"},{"key":"4_CR40","series-title":"Computer Communications and Networks","doi-asserted-by":"publisher","first-page":"73","DOI":"10.1007\/978-1-4471-4189-1_3","volume-title":"Privacy and Security for Cloud Computing","author":"D Tancock","year":"2013","unstructured":"Tancock, D., Pearson, S., Charlesworth, A.: A privacy impact assessment tool for cloud computing. In: Pearson, S., Yee, G. (eds.) Privacy and Security for Cloud Computing. Computer Communications and Networks, pp. 73\u2013123. Springer, London (2013)"},{"key":"4_CR41","unstructured":"Truste: TRUSTe Assessment Manager. \n                      https:\/\/www.truste.com\/resources?doc=516"},{"key":"4_CR42","unstructured":"United States Department of Homeland Security: Privacy Threshold Analysis (PTA) (2007). \n                      http:\/\/www.dhs.gov\/xlibrary\/assets\/privacy\/DHS_PTA_Template.pdf"},{"issue":"1","key":"4_CR43","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1016\/j.clsr.2011.11.007","volume":"28","author":"D Wright","year":"2012","unstructured":"Wright, D.: The state of the art in privacy impact assessment. Comput. Law Secur. Rev. 28(1), 54\u201361 (2012)","journal-title":"Comput. Law Secur. Rev."},{"key":"4_CR44","doi-asserted-by":"publisher","DOI":"10.1007\/978-94-007-2543-0","volume-title":"Introduction to Privacy Impact Assessment","author":"D Wright","year":"2012","unstructured":"Wright, D., De Hert, P.: Introduction to Privacy Impact Assessment. Springer, Netherlands (2012)"},{"key":"4_CR45","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1145\/1978542.1978568","volume":"54","author":"D Wright","year":"2012","unstructured":"Wright D.: Should privacy impact assessments be mandatory? Commun. ACM, 54(8), pp. 121\u2013131 (2012)","journal-title":"Commun. ACM"}],"container-title":["Lecture Notes in Computer Science","Privacy Technologies and Policy"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-31456-3_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,1]],"date-time":"2019-06-01T18:04:06Z","timestamp":1559412246000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-31456-3_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319314556","9783319314563"],"references-count":45,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-31456-3_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2016]]}}}