Privacy and security risk assessment tool

How to use the risk assessment tool

  1. Assess each element independently:
  • Nature of the data
  • Risk Sensitivity Profile
    • Degree to which steps have been taken to safeguard the data (i.e., anonymous, anonymized, de-identified, identifiable)
  • Severity Profile
    • If a breach were to occur, the severity of the consequences that may result if disclosed (i.e., magnitude of harm)
  • Likelihood of Breach
    • Likelihood of a disclosure occurring (i.e., probability of harm and risk expectancy)
  1. Score each element separately and calculate a total score:
  • Score < 3  = data transfer agreement is not required
  • Score between 3 and 8 = data transfer agreement is recommended
  • Score > 8 = data transfer agreement is required

Privacy and security risk assessment tool


No risk (0)

Low Risk (1)

Medium Risk (2)

High Risk (3)


Categorization of data

Data is publicly available or non-sensitive

Sensitive data

Restricted data

Highly restricted data


Risk sensitivity profile

No direct or indirect identifiers were ever attached to data (i.e., data is anonymous)

Some indirect or pseudo identifiers but data has been anonymized or de-identified to “Safe harbor standards

Anonymized database will be linked to another database with de-identified data where the risk of re-identification in combined database is low to medium

Direct identifiers remain in the data set or data linkage will occur where indirect/pseudo identifiers in data sets could re-identify participants


Severity Profile

No impact with respect to research participants’ privacy, and/or real or perceived risk of research related harms to participants is negligible

No risk of re-identification and no risk of harm to participants if privacy incident but credibility of institution could be impacted or ethics review and approval questioned

Potential for identifying research participants is significant and if a breach potential exists for both harm to participants and to institution

Loss of control, disclosure or access to identifiable and sensitive information would create significant harm to either participant or institution


Likelihood of breach

Very unlikely to not likely at all due to information handling protocols which are in place

Likelihood is low because the circumstances under which breach could arise are rare to improbable and back up security measures are in place (e.g., encryption of data, restricted access to files)

Likelihood is higher because of gaps in current security protocols and back-up security not sufficient (e.g., passwords cannot be developed to Waterloo IST standards)

Likelihood is strong based on the absence of comprehensive organizational, physical, and technological safeguards or absence of ability to ensure diligence by staff to adhere to safeguards (e.g., data cannot be encrypted or securely stored.)


Total Score


Adapted from material developed and copyright by Due Diligence Associates, May 2015, and used with permission.