Module 2: AI Impacts & Responsible AI · BoK II.A
Harms taxonomies 101
A harms taxonomy is a list of negative consequences that could befall a data subject or organisation: an ontological map breaking harms into constituent components. Harms taxonomies matter because they focus professionals on consequences for individuals and society and enable targeted, controlled selection of controls.
Two definitions to memorise, then the reason they exist.
What it is
A list of negative consequences that could befall the data subject or organisation if information is leaked or misused. An ontological map that breaks harms into their constituent components or attributes, looking at dimensions like an attacker's capacity to complete the harm and their opportunity.
Why it matters
- Privacy laws protect rights → harm explains why those rights matter.
- Focuses professionals on consequences for individuals and society.
- Builds empathy for the people whose data is collected.
- Once harms are broken down → targeted, controlled selection of controls to drive down a specific risk type (security, privacy, business).
Key terms - quick answers
What is a “harms taxonomy”?
A list of negative consequences from data leak/misuse; an ontological map breaking harms into constituent components like attacker capacity and opportunity.