May 4, 2023 | 3:00 AM – 3:45 PM ET | Virtual
Data analytics are being promoted as a method to help small businesses increase innovation, enhance customer experience, save money, and improve their brand. If your small business is using data analytics—whether in-house or relying on a service provider to do it for you—it is important to be aware of the privacy implications of these activities.
This event took place during National Small Business Week and was an interactive discussion about how to manage privacy risks associated with data analytics.
During the webinar, the speakers covered:
April 3, 2023 | 9:00 AM – 9:30 AM ET | In-person | Washington, D.C.
Privacy Engineering Section Forum
Opening Keynote: Naomi Lefkovitz, Senior Privacy Policy Advisor Manager, Privacy Engineering, NIST
April 4, 2023 | 2:30 PM – 3:45 PM ET | In-person | Washington, D.C.
A Practitioner's Guide to Managing and Mitigating the Privacy Risks of AI
Katharina Koerner, CIPP/US, Principal Researcher, Technology, IAPP
Naomi Lefkovitz, Senior Privacy Policy Advisor, Program Manager, Privacy Engineering, NIST
Oliver Patel, CIPP/E, Enterprise AI Governance Lead, AstraZeneca
Organizations use AI and machine learning to inform decisions and automate processes, like medical diagnosis. There are significant privacy risks, because vast amounts of sensitive data are often processed and more data usually means better performing AI. This session explores state-of-the-art privacy engineering techniques which practitioners can employ to mitigate the risks of AI systems, promote data minimization and ensure AI is privacy-preserving by design. For example, differential privacy can prevent an algorithm’s output from revealing information about its training data, whereas federated learning reduces data breach risk by distributing the training of an AI model across different servers. Machine learning models can also be hosted on user devices, and the number of data-points which algorithms evaluate can be reduced, minimizing data sharing and processing. Additional anonymization and pseudonymization techniques will be discussed. However, there are tradeoffs between safeguarding privacy and implementing wider responsible AI principles, like explainability and transparency.
Attendees will learn:
May 18, 2022 | 9:30 AM – 10:15 AM ET | In-person
KEYNOTE ADDRESS: International Perspectives on Privacy-Enhancing Technologies: Potential, Policies & Prizes
Emerging PETs have the potential to unlock trustworthy data-driven innovation across sectors. However, there remain barriers to their adoption, including a lack of awareness, understanding, and expertise of these technologies and how to embed them in good organizational practice. In this session, hear from the US & UK government agencies on how they are helping to drive the maturity of privacy-enhancing technologies.
Attendees learned about:
April 21, 2022 | 12:00 PM – 1:00 PM ET | Virtual
Please join CFPB and NIST for a discussion around privacy engineering, defining privacy engineering practices, and how this role supports enhanced privacy protections in systems and services. NIST will provide insight into the opportunities for privacy engineering within the federal government and how NIST is helping other organizations operationalize privacy engineering as a field. CFPB will provide an overview of how it is integrating privacy engineering within the organization and how it encourages security and privacy engineering collaboration through the implementation of NIST guidance.
Please note: This event is open to all federal employees and contractors (with supervisory/COR approval). This is a closed press event.
April 13, 2022 | 8:00 AM – 9:00 AM ET | In-person
How to Think About Privacy-enhancing Technologies
Privacy-enhancing technologies like secure multiparty computation, homomorphic encryption, federated learning, differential privacy, secure enclaves, zero-knowledge proof or synthetic data are increasingly maturing and becoming relevant in practice. They promise to support the data economy by facilitating collaborative information-sharing and data utility while mitigating privacy and security risks by embedding privacy by design throughout the data life cycle or focusing on de-identification or anonymization of personal data. Regulators and standardization bodies too are focusing on the opportunities PETs present. This panel will an give an overview of privacy enhancing technologies from a technical and legal perspective. It will bring together leading engineers and researchers with legal and policy professionals as well as early adopters, sharing their expertise about those new technologies.
What you will learn:
April 12, 2022 | 4:15 PM – 5:15 PM ET | In-person
What is "Privacy Risk?" Three Modern Methods for Risk Assessment
GDPR and the NIST Privacy Framework call for a risk-based approach to privacy. But what is "privacy risk?" Many privacy risk models are home-grown or insufficiently arbitrary and subjective. In this session, Janelle Hsia plays the role of a client seeking expert advice on the risks of her company's new service. Three experts will analyze the privacy risks using three modern privacy models: FAIR Privacy from the IAPP textbook “Strategic Privacy by Design,” NIST's Privacy Risk Assessment Methodology, and KU Leuven's Privacy Risk Assessment for Data-Subject Aware Threat Modeling. The client will then review, compare and contrast the different results.
What you will learn:
May 25, 2021 | 3:30 – 4:30 PM ET | Virtual
Dylan Gilbert
The NIST Privacy Framework is a voluntary tool designed to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy. Organizations have picked up and put it into practice since its January release. Now it’s time to check in with these early adopters and hear straight from the source how and why they’ve operationalized it. Attendees heard about implementation use cases, challenges and successes, and adoption tips.
Hosted by Armanino
January 27, 2021 | 2:00 – 3:00 PM ET | Virtual
Dylan Gilbert
NIST joined Hyperproof experts to present how to utilize the NIST privacy framework and relevant privacy expertise for efficient implementation of your privacy program globally by using appropriate technology to facilitate and speed up this process.
January 27, 2021 | Virtual
Naomi Lefkovitz
NOTE: THIS MEETING WAS OPENED TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.
The Federal Computer Security Program Managers (FCSM) Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of information system security information among federal, State, and Higher Education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. Visit the event page for more information and the agenda for the October meeting.
October 1, 2020 | Virtual
Naomi Lefkovitz
Hosted by the International Association of Privacy Professionals
September 22-24, 2020 | Virtual
On September 22-24, 2020, the International Association of Privacy Professionals (IAPP) hosted a virtual workshop on the development of a workforce capable of managing privacy risk. NIST joined the IAPP to lead working sessions where stakeholders can share feedback on the roles, tasks, knowledge, and skills that are necessary to achieve the Privacy Framework’s outcomes and activities. NIST will use this feedback to inform the development of a privacy workforce taxonomy.
April 8, 2020 | 2:00 - 3:30 PM ET | Webcast
Naomi Lefkovitz
September 23, 2019 | 3:45 - 5:15 PM PT | Las Vegas, NV
Privacy Engineering Section Forum - NIST Privacy Engineering Collaboration Space - Kaitlin Boeckl
August 12, 2019 | 10:15 - 10:30 AM ET | Santa Clara, CA
Explore NIST's Privacy Engineering Collaboration Space - Kaitlin Boeckl
May 3, 2019 | 9:30 - 10:30 AM ET | Washington, DC
The Security & Privacy Bunch, AKA “NIST RMF 2.0” - Naomi Lefkovitz & Victoria Pilliterri
March 4-7, 2019 | San Francisco, California | Moscone Center South Expo Hall
NIST Privacy Engineering Collaboration Space Demo @ NIST Booth #2367, South Expo Hall
Tuesday, March 5 at 2:00 PM
Wednesday, March 6 at 3:00 PM
Explored NIST’s new Privacy Engineering Collaboration Space through a demo at NIST's RSA Conference 2019 booth (#2367) in the South Expo Hall! The Privacy Engineering Collaboration Space is an online venue open to the public where practitioners can discover, share, discuss, and improve upon open source tools, solutions, and processes that support privacy engineering and risk management. At this demo, individuals were able to see the range of de-identification and privacy risk management tools in the space, and learn how to contribute your own.
February 28, 2019, 1 - 3 PM ET | Webcast
Naomi Lefkovitz
October 17-19, 2018 | Austin, TX
Managing Risk for the Internet of Things - Naomi Lefkovitz, Ellen Nadeau & Katerina Megas
Managing Privacy Risk Using the Risk Management Framework (RMF) - Ellen Nadeau
October 4, 2018, 4 - 5 PM ET | Washington, DC
Managing Risk for the Internet of Things - Naomi Lefkovitz & Katie Boeckl
October 4, 2018 | Washington, DC
A Trusted Connected World of Things: A focus on the role of a transatlantic dialogue to set IoT privacy and security principles - Naomi Lefkovitz
Hosted by the NIST
July 11, 2018 | Gaithersburg, MD
This workshop will help the program through the development of the Cybersecurity for IoT Program and Privacy Engineering Program’s publication on an introduction to managing IoT cybersecurity and privacy risk for federal systems. This will include work to date identifying typical differences in cybersecurity and privacy risk for IoT systems versus traditional IT systems, considerations for selecting and using technical controls to mitigate IoT cybersecurity and privacy risk, and basic cybersecurity and privacy controls for manufacturers to consider providing in their IoT products. A pre-read document has been posted to help guide conversation.
Pre-Read Document Event Website
May 22 - May 24, 2018 | Amsterdam, Netherlands
Ellen Nadeau attended.
Hosted by the NIST
May 18, 2018, 9 AM - 12:30 PM | Gaithersburg, MD
As part of an ongoing series of workshops on privacy engineering and risk management, NIST hosted a public workshop on May 18th in Gaithersburg, Maryland. NIST is seeking feedback from stakeholders on how to incorporate privacy, for the first time, into the upcoming revision of NIST Special Publication 800-53A, Assessing Security and Privacy Controls in Federal Information Systems, the companion guidance for NIST Special Publication 800-53, Security and Privacy Controls for Federal Information Systems. NIST is interested in learning about privacy practitioners’ current procedures for assessing privacy controls, lessons learned, and challenges in order to develop appropriate guidance. You may send feedback regarding the upcoming revision of NIST SP 800-53A to privacyeng [at] nist.gov (privacyeng[at]nist[dot]gov), and sign up for NIST’s Privacy Engineering Program email updates to receive future announcements.
Workshop Summary Event Website
April 17, 2018, 2:15 PM - 3 PM | San Francisco, CA
Nobody Puts Privacy in a Corner: Privacy in Enterprise Risk Management - Naomi Lefkovitz
Hosted by the NIST Privacy Engineering Program
March 29, 2018, 2 - 4 PM | Washington, DC
March 29, 2017 | Washington, DC
The Researchers’ View: Privacy Engineering on the Bleeding Edge - Naomi Lefkovitz
March 26, 2018 | Washington, DC
Meeting Challenges of Privacy, Security & GDPR Compliance in the Cloud - Naomi Lefkovitz & Ellen Nadeau
Managing Privacy Risk - Naomi Lefkovitz & Ellen Nadeau
February 14, 2018 | Long Beach, California
Privacy and Security - Ellen Nadeau
January 28, 2018 | Brussels, Belgium
Privacy Engineering: Lingua Franca for Transatlantic Privacy - Naomi Lefkovitz
October 29 – November 4, 2017 | Berlin, Germany
Working Group 1 participation - Naomi Lefkovitz & Ellen Nadeau
October 16, 2017 | San Diego, California
Security and Privacy Engineering: It’s Not a Zero-Sum Game - Ellen Nadeau
October 4-6, 2017 | Washington, D.C.
Managing Privacy Risk in the Federal Government - Naomi Lefkovitz and Ellen Nadeau
September 12, 2017 | Washington, D.C.
Practical Application of Privacy and Civil Liberties - Naomi Lefkovitz
Hosted by the NIST Privacy Engineering Program
June 5, 2017 | Gaithersburg, Maryland
May 15, 2017 | Washington, D.C.
Unlocking Value Through Attributes - Naomi Lefkovitz
April 5, 2017 | Charlottesville, Virginia
Challenges of the Internet of Things - Naomi Lefkovitz
March 28, 2017 | Washington, D.C.
Perceptions of Privacy - Ellen Nadeau
February 16, 2017 | San Francisco, California
Privacy Enhancing Technologies Work: But Can Anyone Use Them? - Naomi Lefkovitz
February 14, 2017 | Gaithersburg, Maryland
Privacy Engineering at NIST - Ellen Nadeau
Hosted by the NIST Privacy Engineering Program
September 8, 2016 | Washington, D.C.
Hosted by the NIST Privacy Engineering Program
August 30, 2016 | Gaithersburg, Maryland