Table 2.
Threat groups and associated controls. The detailed description of all subthreats can be found in Multimedia Appendix 3.
| Threat Group | Description | Controls |
|---|---|---|
| T1.1-T1.5 | Lack of transparency, missing or insufficient service information | C1.1, C1.2, C1.3, C1.4, and C6.2 |
| T1.6-T1.10 | Lack of transparency, missing or insufficient privacy statement | C1.5 |
| T1.11-T1.18 | Unspecified and unlimited purpose | C1.7, C1.8, C1.9, and C1.10 |
| T1.19-T1.24 | Collection and/or combination of data exceeding purpose | C1.8, C1.9, and C1.10 |
| T1.25-T1.30 | Missing quality assurance of data | C1.12, C1.14, and C7.1 |
| T1.31-T1.34 | Unlimited data storage | C1.15 and C1.10 |
| T2.1-T2.8 | Invalidation or nonexistence of consent | C3.1 and C5.5 |
| T3.1-T3.5 | No or insufficient information concerning collection of data from the data subject | C4.1, C4.2, and C5.1 |
| T4.1-T4.4 | Inability to provide individualized information about processed data and purpose | C5.1, C7.1, and C7.5 |
| T5.1-T5.6 | Inability to rectify, erase, or block individual data | C1.15, C5.3, C7.1, C7.5, and |
| T5.7 | Inability to notify third parties about rectification, erasure and blocking of individual data | C5.3 |
| T5.8-T5.10 | Inability to support data portability for individual data | C5.4 |
| T6.1 | Inability to allow objection to the processing of personal data | C6.1 and C6.2 |
| T6.2-T6.5 | Inability to allow objection to the disclosure of data to third parties | C4.2, C6.1, and C6.2 |
| T6.6 | Inability to allow objection to being subject to decisions that are solely based on automated processing of data | C6.2 |
| T7.1-T7.3 | Identity threats, misuse and leakage of data subject identities [21] | C7.1, C7.5, C7.6, C7.7, and C7.8 |
| T7.4-T7.11 | Access threats, unauthorized access and modification of PHI<sup>a</sup> or PHR<sup>b</sup> [21] | C5.5, C7.2, C7.5, C7.6, C7.9, C7.10, and C7.11 |
| T7.12-T7.19 | Disclosure threats, unauthorised disclosure and data leaks of PII<sup>c</sup> and PHI [21] | C7.2, C7.3, C7.4, C7.5, C7.6, C7.8, C7.10, C7.12, and C7.13 |
| T7.20-T7.21 | Denial-of-service threats [22,24] | C7.3, C7.10, C7.14, C7.15, and C7.16 |
| T7.22-T7.24 | Inability to detect personal data breaches and communicate them to data subjects | C7.5, C7.6, C7.17, C8.2, and C8.3 |
| T8.1-T8.2 | Lack of accountability of personal data storage, processing, and transmission | C7.6, C8.1, and C8.4 |
| T8.3-T8.6 | Noncompliance with notification requirements | C8.2 and C8.4 |

<sup>a</sup>PHI: protected health information.

<sup>b</sup>PHR: personal health record.

<sup>c</sup>PII: personally identifiable information.

<sup>c</sup>Note that each group of threats has a number of more specific subthreats (eg, T1.1, T1.2, and T1.3). The technical or organizational controls (listed in Table 1) can then be associated with 1 or more subthreats.