Trilateral Research Ltd. offers a range of services in the area of impact assessments, to the private and public sector. We do not follow a ‘one size fits all’ approach and tailor our solutions according to the needs of the client. Impact assessments provide an opportunity for organisations to explore, assess, analyse and potentially mitigate a wide range of risks in relation to new information and data systems.
Privacy Impact Assessment (including Data Protection Impact Assessment)
Privacy Impact Assessments (PIA) are processes for understanding and anticipating the impact that a new technology, process or service can have on the privacy of individuals and groups. PIAs are not legal compliance checks or privacy audits, however they can enable an organisation to demonstrate compliance with legislation in the case of a privacy audit or complaint. Undertaking a PIA can provide evidence that the organisation acted appropriately in attempting to prevent the occurrence of a data breach. This can help to reduce or even eliminate any liability, negative publicity and loss of reputation. However, PIAs are not simply used to warn against potential risks but also to mitigate these risks, and to change the development process accordingly.. The new EU data protection regulation suggests several types of high risk data processing where it recommends that a Data Protection Impact Assessment should be carried out prior to the launch of a service or product. Trilateral has closely followed the regulatory process and can advise on, or conduct appropriate assessments as required.
Trilateral has carried out privacy impact assessments (PIAs) for the United Nations High Commissioner for Refugees (UNHCR) and produced data protection impact assessment guidance for the International Committee of the Red Cross (ICRC). They are also carrying out PIA’s in a number of H2020 projects.
Surveillance Impact Assessment
A SIA provides a means of determining how a surveillance measure, product, technology, system, policy might affect different stakeholders, particularly society. The benefits of conducting an SIA to an organisation include: early identification of the potential impacts of surveillance, risk avoidance and management.
For the purpose of the EU FP7 project, SAPIENT, Trilateral produced the first Surveillance Impact Assessment (SIA) methodology for security and surveillance systems and technologies. This SIA approach includes an assessment of the social, ethical and privacy risks inherent in new technological systems, and was disseminated in the form of an SIA manual and guidance document.
Ethical Impact Assessment
New technologies, projects, products, services, policies, and programs may raise not only privacy concerns but also other social and ethical issues. An ethical impact assessment is a way of ensuring all ethical implications are adequately examined by stakeholders before the deployment of a new technology or project so that mitigating measures can be taken as necessary.
Trilateral Research coined the term ‘ethical impact assessment’, a concept we developed in the SENIOR (senior citizens, e-inclusion and ethics), and PRESCIENT (privacy and ethics) projects. Trilateral has since presented a framework for ethical impact assessment, which it is using in the PULSE project.
Socio-economic Impact Assessment
Trilateral Research undertook a study for the European Commission, DG for Justice on understanding the socio-economic impact of eight changes in the proposed Data Protection Regulation. The study was conducted in the first half of 2011. Trilateral participated in the EU FP7 ASSERT project which developed a methodology for assessing the societal impact of security technology research projects, and helped to deliver master classes on this methodology for EU researchers. Trilateral can bring detailed and rigorous social science research methods, both quantitative and qualitative, to socio-economic impact assessment.
Cyber Security Analysis
Trilateral has conducted several studies on information security for ENISA including cyber security in smart homes, smart hospitals, and intelligent transport. We have also participated in several research projects on information security controls and standardisation, including in growth areas such as cloud computing and the economic cost of cyber attacks. Our approach to cyber security analysis places the technical requirements of good information security in a social and organisational context. We have particular expertise in cyber security assessments including: advice on how to strengthen cyber security across technology, people and organisation; data security in relation to the requirements for data protection and privacy, but also in terms of organisational strategy; and development of data management plans for organisations and research projects.