Engineering for Privacy: NIST Workshop Meets April 9-10, 2014

On April 9 and 10, 2014, the National Institute of Standards and Technology (NIST) will host a workshop that focuses on developing "privacy engineering" to ensure that privacy is an integral part of the design process of new IT products, services or systems.

The Fair Information Practice Principles (FIPPS), first articulated in the early 1970s, provide a widely accepted framework of basic precepts that have traditionally been used to evaluate the systems, processes and programs that affect individual privacy. But privacy often is an afterthought when systems are being developed or implemented, and principles can be difficult to implement consistently due to a lack of associated technical standards.

"We still have some foundational work to do to achieve technical privacy standards," said Naomi Lefkovitz, senior privacy policy advisor at NIST. "We have high-level principles, but we lack a mature body of work around threat models, risk management models and design system requirements."

The goal of privacy engineering is to create and follow a repeatable process that can be counted on to deliver consistent results under the same conditions. By examining existing models such as security engineering and safety risk management, the workshop will explore the concepts of a privacy engineering methodology, including a privacy risk management model, privacy requirements and system design and development.

The workshop also will support efforts to address the gaps and challenges revealed by the development of the Framework for Improving Critical Infrastructure Cybersecurity. The framework's accompanying roadmap identified technical privacy standards as among several areas in need of development, alignment and collaboration.

IT professionals including privacy policy experts and system design engineers, are encouraged to attend the workshop. Register to attend online. Registration closes April 2, 2014.