{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,25]],"date-time":"2024-09-25T04:40:20Z","timestamp":1727239220329},"reference-count":42,"publisher":"Informa UK Limited","issue":"3","content-domain":{"domain":["www.tandfonline.com"],"crossmark-restriction":true},"short-container-title":["The Information Society"],"published-print":{"date-parts":[[2024,5,26]]},"DOI":"10.1080\/01972243.2024.2332319","type":"journal-article","created":{"date-parts":[[2024,4,4]],"date-time":"2024-04-04T06:33:55Z","timestamp":1712212435000},"page":"202-214","update-policy":"http:\/\/dx.doi.org\/10.1080\/tandf_crossmark_01","source":"Crossref","is-referenced-by-count":0,"title":["Identifying undefined risks: A risk model and a privacy risk identification measure in the privacy impact assessment process"],"prefix":"10.1080","volume":"40","author":[{"given":"Yuki","family":"Kuroda","sequence":"first","affiliation":[{"name":"Division of Medical Information Technology and Administration Planning, Kyoto University Hospital, Kyoto, Japan"}]},{"given":"Goshiro","family":"Yamamoto","sequence":"additional","affiliation":[{"name":"Division of Medical Information Technology and Administration Planning, Kyoto University Hospital, Kyoto, Japan"},{"name":"Graduate School of Informatics, Kyoto University, Kyoto, Japan"}]},{"given":"Tomohiro","family":"Kuroda","sequence":"additional","affiliation":[{"name":"Division of Medical Information Technology and Administration Planning, Kyoto University Hospital, Kyoto, Japan"},{"name":"Graduate School of Informatics, Kyoto University, Kyoto, Japan"}]}],"member":"301","published-online":{"date-parts":[[2024,4,3]]},"reference":[{"key":"e_1_3_2_2_1","unstructured":"Article 29 Data Protection Working Party. 2017. Guidelines on data protection impact assessment (DPIA) and determining whether processing is \u201clikely to result in a high risk\u201d for the purposes of regulation 2016\/679 wp248rev.01. Accessed February 28 2024. https:\/\/ec.europa.eu\/newsroom\/article29\/items\/611236"},{"key":"e_1_3_2_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-92925-5_13"},{"key":"e_1_3_2_4_1","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.CSWP.01162020"},{"key":"e_1_3_2_5_1","doi-asserted-by":"publisher","DOI":"10.6028\/nist.ir.8062"},{"key":"e_1_3_2_6_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.clsr.2009.02.002"},{"key":"e_1_3_2_7_1","doi-asserted-by":"publisher","DOI":"10.1093\/idpl\/ipr002"},{"key":"e_1_3_2_8_1","unstructured":"Commission Nationale de l\u2019Informatique et des Libert\u00e9s. 2018. Privacy impact assessment (PIA). Accessed March 8 2024. https:\/\/www.cnil.fr\/en\/PIA-privacy-impact-assessment-en."},{"key":"e_1_3_2_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW54576.2021.00043"},{"key":"e_1_3_2_10_1","unstructured":"Data Protection Commission. 2019. Guidance note: Guide to data protection impact assessments. Accessed February 28 2024. https:\/\/www.dataprotection.ie\/en\/dpc-guidance\/guide-data-protection-impact-assessments"},{"key":"e_1_3_2_11_1","unstructured":"Datenschutzkonferenz (Conference of the Independent Data Protection Supervisory Authorities of the Federation and the L\u00e4nder). 2020. The Standard Data Protection Model Version 2.0b. Accessed February 28 2024. https:\/\/www.datenschutzkonferenz-online.de\/media\/ah\/SDM-Methode_V20b_EN.pdf."},{"key":"e_1_3_2_12_1","first-page":"61","volume-title":"Privacy and the criminal law","author":"De Hert P.","year":"2006","unstructured":"De Hert, P., and S. Gutwirth. 2006. Privacy, data protection and law enforcement: Opacity of the individual and transparency of power. In Privacy and the criminal law, eds. E. Claes, A. Duff, and S. Gutwirth, 61\u2013104. Antwerp: Intersentia."},{"key":"e_1_3_2_13_1","unstructured":"De Hert P. D. Kloza and D. Wright (eds.). 2012. Recommendations for a privacy impact assessment framework for the European Union. Accessed February 28 2024. https:\/\/zenodo.org\/records\/5141741."},{"key":"e_1_3_2_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-47072-6_15"},{"key":"e_1_3_2_15_1","unstructured":"Digital Health & Care Directorate. 2019. IGPACK template for DOC02b DPIA: Data protection impact assessment V201901. Accessed March 8 2024. https:\/\/www.digihealthcare.scot\/our-work\/information-governance-and-assurance-branch\/information-sharing-toolkit\/the-is-toolkit-approach\/."},{"key":"e_1_3_2_16_1","unstructured":"European Parliament and Council of the European Union. 2016. Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (Text with EEA Relevance). Accessed February 29 2024. https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=CELEX%3A32016R0679&qid=1654983725537."},{"key":"e_1_3_2_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-94-007-5170-5_1"},{"key":"e_1_3_2_18_1","doi-asserted-by":"publisher","DOI":"10.21552\/edpl\/2020\/2\/6"},{"key":"e_1_3_2_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2015.13"},{"key":"e_1_3_2_20_1","unstructured":"Information and Privacy Commissioner of Ontario. 2015. Planning for success: Privacy impact assessment guide. Accessed February 29 2024. https:\/\/www.ipc.on.ca\/resource\/planning-for-success-privacy-impact-assessment-guide\/."},{"key":"e_1_3_2_21_1","unstructured":"Information Commissioner\u2019s Office. 2018a. Data protection impact assessments. Accessed March 8 2024. https:\/\/ico.org.uk\/for-organisations\/guide-to-data-protection\/guide-to-the-general-data-protection-regulation-gdpr\/accountability-and-governance\/data-protection-impact-assessments\/."},{"key":"e_1_3_2_22_1","unstructured":"Information Commissioner\u2019s Office. 2018b. Examples of processing \u201cLikely to result in high risk.\u201d Accessed March 8 2024. https:\/\/ico.org.uk\/for-organisations\/guide-to-data-protection\/guide-to-the-general-data-protection-regulation-gdpr\/data-protection-impact-assessments-dpias\/examples-of-processing-likely-to-result-in-high-risk\/."},{"key":"e_1_3_2_23_1","unstructured":"International Organization for Standardization and International Electrotechnical Commission. 2017. ISO\/IEC 29134:2017 Information technology - security techniques - guidelines for privacy impact assessment. Accessed February 29 2024. https:\/\/www.iso.org\/standard\/62289.html."},{"key":"e_1_3_2_24_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11206-005-1898"},{"key":"e_1_3_2_25_1","first-page":"483","article-title":"A typology of privacy","volume":"38","author":"Koops B. J.","year":"2017","unstructured":"Koops, B. J., B. C. Newell, T. Timan, I. \u0160korv\u00e1nek, T. Chokrevski, and M. Gali\u010d. 2017. A typology of privacy. University of Pennsylvania Journal of International Law 38:483\u2013575.","journal-title":"University of Pennsylvania Journal of International Law"},{"key":"e_1_3_2_26_1","unstructured":"National Institute of Standards and Technology. 2019. NIST privacy risk assessment methodology (PRAM). Accessed Accessed February 29 2024. https:\/\/www.nist.gov\/itl\/applied-cybersecurity\/privacy-engineering\/resources."},{"key":"e_1_3_2_27_1","doi-asserted-by":"publisher","DOI":"10.1057\/ejis.2013.18"},{"key":"e_1_3_2_28_1","article-title":"List of processing operations subject to data protection impact assessment","author":"Office for Personal Data Protection of the Czech Republic","year":"2018","unstructured":"Office for Personal Data Protection of the Czech Republic. 2018. List of processing operations subject to data protection impact assessment. Accessed February 29, 2024. https:\/\/edpb.europa.eu\/sites\/default\/files\/decisions\/cz_dpia_list_354_cz_authority.pdf.","journal-title":"Accessed February 29, 2024."},{"key":"e_1_3_2_29_1","unstructured":"Office of the Australian Information Commissioner. 2021. Guide to undertaking privacy impact assessments. Accessed February 29 2024. https:\/\/www.oaic.gov.au\/privacy\/guidance-and-advice\/guide-to-undertaking-privacy-impact-assessments."},{"key":"e_1_3_2_30_1","unstructured":"Office of the Privacy Commissioner. 2015. Privacy impact assessment toolkit. Accessed March 8 2024. https:\/\/www.privacy.org.nz\/publications\/guidance-resources\/privacy-impact-assessment\/."},{"key":"e_1_3_2_31_1","unstructured":"Office of the Privacy Commissioner of Canada. 2020. Expectations: OPC\u2019s guide to the privacy impact assessment process. Accessed February 29 2024. https:\/\/www.priv.gc.ca\/en\/privacy-topics\/privacy-impact-assessments\/gd_exp_202003\/."},{"key":"e_1_3_2_32_1","unstructured":"Office of the Victorian Information Commissioner. 2021. Privacy impact assessment guide. Accessed February 29 2024. https:\/\/ovic.vic.gov.au\/privacy\/privacy-impact-assessment\/."},{"key":"e_1_3_2_33_1","unstructured":"Organisation for Economic Co-operation and Development Council. 1980. Recommendation of the council concerning guidelines governing the protection of privacy and transborder flows of personal data. Accessed March 8 2024. https:\/\/legalinstruments.oecd.org\/en\/instruments\/OECD-LEGAL-0188."},{"key":"e_1_3_2_34_1","unstructured":"Personal Data Protection Commission. 2021. Guide to data protection impact assessments. Accessed February 29 2024. https:\/\/www.pdpc.gov.sg\/help-and-resources\/2017\/11\/guide-to-data-protection-impact-assessments."},{"issue":"1","key":"e_1_3_2_35_1","first-page":"20","article-title":"Time to modernize privacy risk assessment","volume":"38","author":"Shapiro S. S.","year":"2021","unstructured":"Shapiro, S. S. 2021. Time to modernize privacy risk assessment. Issues in Science and Technology 38 (1):20\u201322.","journal-title":"Issues in Science and Technology"},{"key":"e_1_3_2_36_1","doi-asserted-by":"publisher","DOI":"10.2307\/40041279"},{"key":"e_1_3_2_37_1","first-page":"1880","article-title":"Introduction: Privacy self-management and the consent dilemma","volume":"126","author":"Solove D. J.","year":"2012","unstructured":"Solove, D. J. 2012. Introduction: Privacy self-management and the consent dilemma. Harvard Law Review 126:1880\u20131903.","journal-title":"Harvard Law Review"},{"key":"e_1_3_2_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-66504-3_17"},{"key":"e_1_3_2_39_1","unstructured":"Van Puijenbroek J. and J. Hoepman. 2017. Privacy impact assessments in practice: Outcome of a descriptive field research in the Netherlands. Accessed February 29 2024. https:\/\/www.semanticscholar.org\/paper\/3974eb5ad8d40138e4f74a5d6929ed962b0656b9."},{"key":"e_1_3_2_40_1","doi-asserted-by":"publisher","DOI":"10.1108\/ICS-04-2019-0047"},{"key":"e_1_3_2_41_1","doi-asserted-by":"publisher","DOI":"10.2307\/1321160"},{"key":"e_1_3_2_42_1","doi-asserted-by":"publisher","DOI":"10.1080\/01972243.2013.825687"},{"key":"e_1_3_2_43_1","doi-asserted-by":"publisher","DOI":"10.30950\/jcer.v9i1.513"}],"container-title":["The Information Society"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.tandfonline.com\/doi\/pdf\/10.1080\/01972243.2024.2332319","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,25]],"date-time":"2024-09-25T02:14:03Z","timestamp":1727230443000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.tandfonline.com\/doi\/full\/10.1080\/01972243.2024.2332319"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,3]]},"references-count":42,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2024,5,26]]}},"alternative-id":["10.1080\/01972243.2024.2332319"],"URL":"https:\/\/doi.org\/10.1080\/01972243.2024.2332319","relation":{},"ISSN":["0197-2243","1087-6537"],"issn-type":[{"type":"print","value":"0197-2243"},{"type":"electronic","value":"1087-6537"}],"subject":[],"published":{"date-parts":[[2024,4,3]]},"assertion":[{"value":"The publishing and review policy for this title is described in its Aims & Scope.","order":1,"name":"peerreview_statement","label":"Peer Review Statement"},{"value":"http:\/\/www.tandfonline.com\/action\/journalInformation?show=aimsScope&journalCode=utis20","URL":"http:\/\/www.tandfonline.com\/action\/journalInformation?show=aimsScope&journalCode=utis20","order":2,"name":"aims_and_scope_url","label":"Aim & Scope"},{"value":"2022-08-11","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-03-08","order":1,"name":"revised","label":"Revised","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-03-14","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-04-03","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}