Date of Award

Spring 5-4-2022

Document Type


Degree Name

Doctor of Philosophy in Cyber Defense (PhDCD)


Computer Science

First Advisor

Kevin Streff

Second Advisor

Omar El-Gayar

Third Advisor

Shengjie Xu

Fourth Advisor

Mary Francis


Recent changes have increased the need for and awareness of privacy assessments. Organizations focus primarily on Privacy Impact Assessments (PIA) and Data Protection Impact Assessments (DPIA) but rarely take a comprehensive approach to assessments or integrate the results into a privacy risk program. There are numerous industry standards and regulations for privacy assessments, but the industry lacks a simple unified methodology with steps to perform privacy assessments. The objectives of this research project are to create a new privacy assessment methodology model using the design science methodology, update industry standards and present training for conducting privacy assessments that can be adapted by organizations of any shape, size, industry, or geography.

The purpose of this project is to create a unified privacy assessment methodology that will assist organizations with privacy and compliance obligations by simplifying the assessment process with steps that are repeatable and can be adopted by organizations of any shape, size, industry, or geography. The project will address three research questions. What steps are needed to conduct a unified privacy assessment? What inputs and outputs are needed to complete each step in the assessment? What variables are needed as it relates to assessments? The research project was conducted using design science methodology following the engineering lifecycle for a technical action research project. The project created a new privacy assessment methodology model with five steps. The privacy assessment methodology was evaluated with a use case at an organization based in the US with offices globally.

The research project created a new unified privacy assessment methodology as set forth in the beginning of the project. The model was evaluated and validated through realworld business use case of a global healthcare organization and a dozen training sessions presenting this research. This work will not stop with this project, it merely sets the path for additional innovative and industry impacting solutions.