https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity
GSMA Privacy Design Guidelines for mobile app development
NHS mobile app assessment questions
HoganLovells: Practical GDPR Guide (June 2018)
“Deceived by Design: How tech companies use dark patterns to discourage us from exercising our rights to privacy”
Report at https://fil.forbrukerradet.no/wp-content/uploads/2018/06/2018-06-27-deceived-by-design-final.pdf
CNIL annual report 2017
CNIL updates to PIA guides (Feb 2018)
https://www.cnil.fr/en/cnil-publishes-update-its-pia-guides
Knowledge base
including recommendations on many organisational and technical controls, risk sources, etc.
https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-3-en-knowledgebases.pdf
De-Identification, Reversible and Irreversible Pseudonymisation (NIST + IHE + ISO)
NISTIR 8053 De-Identification of Personal Information (Simson L. Garfinkel)
https://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.8053.pdf
IHE
Technical Frameworks:
http://www.ihe.net/Technical_Frameworks/#IT
Healthcare De-Identification Handbook:
https://wiki.ihe.net/index.php/Healthcare_De-Identification_Handbook
ISO 25237
ISO/TS 25237 describes the objectives of de-identification to include:
- secondary use of clinical data (e.g., research);
- clinical trials and post-marketing surveillance;
- pseudonymous care;
- patient identification systems;
- public health monitoring and assessment;
- confidential patient-safety reporting (e.g., adverse drug effects);
- comparative quality indicator reporting;
- peer review;
- consumer groups;
- medical device calibration or maintenance.