management of privacy goals. We have presented 
the initial design and intended usage of the 
approach. We have also partially tried out the 
approach and shown how it can be applied to a 
constructed example. The example was motivated by 
a real-life scenario of so-called Mobility-as-a-Service, 
and designed by two domain experts. The 
initial findings indicate feasibility of instantiating 
the approach, therein identifying and specifying 
privacy-relevant concerns of the service. The 
approach has also facilitated gaining new knowledge 
about (privacy enhancing) design of the service 
under analysis.    
We have also gained useful insight into the 
strengths and weaknesses of the approach as well as 
suggested directions for future research. The 
directions include refinement of the scorecard design 
and usage guidelines, tool support for visualization, 
as well as further empirical evaluation. Particularly, 
the following needs have been highlighted:  
-  more detailed support for design and estimation 
of privacy indicators,  
-  more detailed support for follow-up of the 
initiatives (progress, cost, responsibilities),  
-  support for expressing dependencies between 
the initiatives,  
-  support for cost-benefit analysis (cost being the 
expenditure implementing the initiatives, and 
benefit being improvement of privacy concerns) 
for selection of the initiatives,  
-  tool support for real-time follow-up of the 
scores and visualization of the trends,  
-  empirical evaluation of usefulness and 
performance of the approach,  
-  a more detailed usage guideline, including 
customization of the guideline to specific 
development approaches, and  
-  specializations of the Privacy Scorecard canvas 
with respect to different industry sectors and 
domains.  
ACKNOWLEDGEMENTS 
This work has been conducted as part of the 
PrivacyAssessment@SmartCity project funded by 
SINTEF.  
ICISSP 2017 - 3rd International Conference on Information Systems Security and Privacy