Privacy is a challenging subject that spans a number of domains, including law, policy and technology. Notwithstanding numerous sets of principles, including the foundational Fair Information Practice Principles (FIPPs), that seek to address the handling of individuals' personal information, many concerns exist about the future of privacy in the face of rapidly evolving technologies. Process-oriented principles (such as FIPPs) are an important component of an overall privacy framework, but on their own they have not achieved consistent and measurable results in privacy protection. In the security field, risk management models, along with technical standards and best practices, are key components of improving security. Similarly, the safety risk management field also has well-developed models, technical standards and best practices. To date, the privacy field has lagged behind in the development of analogous components.
To address this gap, NIST has begun the Privacy Engineering initiative. Privacy Engineering focuses on providing guidance to information system users, owners, developers and designers who handle personal information. Such guidance can be used to decrease risks related to privacy harms, and to make purposeful decisions about resource allocation and effective implementation of controls.
On September 15-16, 2014, NIST will hold its Second Privacy Engineering Workshop in San Jose, CA. Co-sponsored with the International Association of Privacy Professionals (IAPP), this workshop will consider draft privacy engineering definitions and concepts. The results of this workshop will inform the development of the NIST report on privacy engineering.
There is no charge for attendance at this workshop.
NOTE: NIST will hold a live webcast on Thursday, October 2, 2014 at 2:00 pm Eastern Time to present the draft Privacy Engineering Objectives and Risk Model. Online viewers will be able to participate in a live question and answer period. Please visit this page to access the webcast. Registration is not required to view the webcast. If you would like to receive a reminder, please register here. The webcast will be available for playback approximately one week after the event.
NIST will accept public comments on the draft Privacy Engineering Objectives and Risk Model until October 15, 2014. Comments may be submitted to privacyeng [at] nist.gov.
Please Note: Any comments submitted to the privacyeng [at] nist.gov email address will be publicly posted.
Who Should Attend: System design and privacy engineers, and privacy subject matter experts should attend this interactive workshop.
NIST Privacy Engineering Objectives and Risk Model Discussion Draft
Privacy Engineering Objectives and Risk Model - Discussion Deck