Minimisation of incidental findings, and residual risks for security compliance : the SPIRIT project

This paper introduces the policy for minimisation of incidental findings and residual risks of the SPIRIT Project. SPIRIT is a EU H2020 Security project, aimed at browsing relevant sources, including the socalled "dark web". It proposes a semantically rich sense-making set of tools aimed at detecting identity fraud patterns. It provides "Technologies for prevention, investigation, and mitigation in the context of fight against crime and terrorism" for the use of LEAs in Europe. According to GDPR, some protections must be put in place. We explain how we planned and designed them. Specifically, we turned incidental findings into an incidental risks policy, planned a risk mitigation strategy (ongoing privacy preserving algorithm development), and set a dynamic DPIA

D9.2 - SPIRIT - Incidental Findings Policy

SPIRIT. Scalable Privacy Preserving Intelligence Analysis for Resolving Identities. Deliverable D9.2 describes the operation of a spreadsheet-based model which seeks to calculate the overall risks which may be faced by the SPIRIT system, both before and after policies have been implemented to mitigate these risks. The model has yet to be calibrated using data on each of the risks - a process which will require considerable resources and time - but in order to illustrate the working of the model, we have populated it with example, very preliminary, guesstimates. Incidental risks are the risks of misuse of the system caused by internal and external factors. These risks can be mitigated (reduced) by the use of suitable policies. The risks that remain after these policies have been implemented and taken full effect are termed residual risks