Skip to main content
U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock ( ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Drafting the NIST Privacy Framework: Workshop #2

 

 

About

On May 13-14, 2019, NIST will hold the second in a series of public workshops on the development of the Privacy Framework: An Enterprise Risk Management Tool. We thank Professors Annie Antón and Peter Swire, and the Georgia Tech Scheller College of Business, in Atlanta, Georgia, for hosting this event. Drafting the NIST Privacy Framework: Workshop #2 will provide an opportunity for attendees to actively engage in facilitated discussions to advance the development of the framework. Prior to this workshop, NIST released a discussion draft. NIST will use the breakout sessions at this workshop as input to validate or adjust the discussion draft to support the next stage of the process: releasing a preliminary draft framework. This workshop will be open to the public. 

Workshop Inputs: Prior to this workshop, NIST released a discussion draft of the framework.

Expected Workshop Outputs: Validation or adjustment of the discussion draft to inform the development of a preliminary draft of the framework.

This will be an important in-person opportunity to engage with NIST on the development of this framework; please sign up for our mailing list to receive announcements about other events and the release of framework documents. Join the conversation about this workshop using #PrivacyFramework.

CPE credits: The International Association of Privacy Professionals (IAPP) has approved up to 11.25 CPE credits for attending this workshop. To request credits from IAPP, please use this form.

workshop Summary

Workshop Summary (PDF)

Supplemental Workshop Materials

Attendees are encouraged to review this supplemental material on the topics that will be discussed at the event. NIST also welcomes written feedback on this material at PrivacyFramework@nist.gov.  

Discussion Draft (PDF)  NIST Informative References (PDF) Privacy Framework Discussion Draft Core Comparison (PDF) Use Case Exercise (PDF)

Presentation Materials

Presentation: Expanding the OSI Stack to Describe Categories of Privacy Tasks

  • A Pedagogic Cybersecurity Framework, by Peter Swire | PDF
  • Slides | PDF

Panel Discussion #1: Discussion Draft of the Framework with NIST

  • Panel slides | PDF

MOBILE WORKSHOP GUIDE

We have a mobile guide for you to use on Guidebook! Get the guide to conveniently access information about the workshop, including schedules and maps.
Get our guide here: https://guidebook.com/g/nistpfworkshop2

 Android and iOS users:

  1. Tap the "Download" usa-button to download the free Guidebook app
  2. Open Guidebook and you can find our "Drafting the NIST Privacy Framework: Workshop #2" guide

Please note that in order to use the app, attendees will have to submit their name and email to create a Guidebook account and will be subject to Guidebook’s privacy policy. Use of this third-party app is completely optional. All workshop information available on the app is also provided on this event page.

Venue Information

Plenary and Working Sessions Locations

This workshop will take place in Tech Square in Atlanta, Georgia. Registration and plenary sessions will be located at the Biltmore Ballrooms. Working Sessions will be located in The Biltmore’s Georgian Ballroom, as well as Georgia Tech’s Scheller College of Business Building and Technology Square Research Building. Addresses of these buildings are provided below, and a map of the buildings and relevant rooms is provided. As noted in the agenda, your workshop badge will indicate a group number for Working Sessions 1-3. For Working Sessions 4 and 5, attendees will be able to choose between six different topics. We have provided a room location guide.

Site Map (PDF)  Room Location Guide (PDF)

The Biltmore Ballrooms (Georgian Ballroom)
817 West Peachtree Street NW, Atlanta, GA 30308 (Google maps link)

Scheller College of Business Building
800 West Peachtree NW, Atlanta, GA 30308 (Google maps link)

Technology Square Research Building
85 5th St NW, Atlanta, GA 30308 (Google maps link)

Food

A map of nearby food options is also provided.

Parking

Please note: You will need to pay for parking. We are including a parking map with several options.

  • P1 Centergy Parking 31 3rd St NW, Atlanta, GA 30308

  • P2 GT Hotel Parking 759 W. Peachtree St. NW, Atlanta, GA 30308
  • P3 Technology Square Parking Deck 81 4th St NW, Atlanta, GA 30308

About the NIST Privacy Framework

For more information about the NIST Privacy Framework, including a Fact Sheet and FAQs, please visit the NIST Privacy Framework website. To receive periodic updates about the process and opportunities to engage, subscribe to the NIST Privacy Framework mailing list.

Agenda (Printable PDF)  Updated 5/13/2019

May 13 - Monday

7:30 AM Registration Opens - The Biltmore | 817 West Peachtree Street NW, Atlanta, GA 30308 | Georgian Ballroom

Breakfast will be provided.

8:30 AM Opening Remarks - The Biltmore | Georgian Ballroom

  • Annie Antón, Professor (and former Chair), School of Interactive Computing, Georgia Institute of Technology
  • Donna Dodson, Chief Cybersecurity Advisor, NIST

8:45 AM Panel Discussion #1: Discussion Draft of the Framework with NIST
This panel will introduce the discussion draft of the NIST Privacy Framework. Engage with NIST leadership to learn more about the NIST Privacy Framework process and the approach taken in the discussion draft.
Panelists:

  • Donna Dodson, Chief Cybersecurity Advisor, NIST
  • Naomi Lefkovitz, Senior Privacy Policy Advisor, NIST
  • Adam Sedgewick, Senior IT Policy Advisor, NIST
  • Kevin Stine, Chief of the Applied Cybersecurity Division, NIST

9:45 AM Break Coffee will be provided.

9:55 AM Presentation: Expanding the OSI Stack to Describe Categories of Privacy Tasks

Peter Swire, Elizabeth and Tommy Holder Chair and Professor of Law and Ethics, Georgia Institute of Technology; Senior Counsel, Alston & Bird LLP

10:15 AM Panel Discussion #2: Voices from the Field
Hear from expert practitioners from various sectors about their initial views on the NIST Privacy Framework discussion draft. Panelists will discuss whether the draft can further communication about privacy risks, the scalability of the framework, and how it could work in conjunction with existing organizational risk management practices to strengthen privacy programs, among other topics to stimulate discussion for the workshop breakout sessions.
Moderator: Jamie Danker, Director of Privacy, Easy Dynamics Corp.

Panelists:

  • Annie Antón, Professor (and former Chair), School of Interactive Computing, Georgia Institute of Technology
  • Ken Durbin, Senior Strategist, Symantec
  • Venky Iyer, Chief Strategy Officer, Intent.ai
  • Nick Oldham, CPO and Data Governance Officer, Equifax
  • Amie Stepanovich, U.S. Policy Manager, Access Now

11:15 AM Panel Discussion #3: Global Privacy Landscape
Learn how the voluntary NIST Privacy Framework could fit into the global landscape. Panelists will discuss a range of topics to improve interoperability, including global standards, international data transfer regimes such as the APEC Cross-border Privacy Rules and Privacy Shield, the role of conformity assessments, and managing the patchwork of laws in the U.S. and beyond.
Moderator: Lisa Carnahan, Computer Scientist, NIST

Panelists:

  • Anick Fortin-Cousens, Chief Privacy Officer, IBM Canada
  • Jeewon Kim Serrato, US Head of Data Protection, Privacy and Cybersecurity, Norton Rose Fulbright
  • Laura Lindsay, US National Standards Officer, Microsoft
  • Andrew Steele, International Trade Specialist, International Trade Administration

12:15 PM Rules of Engagement Ellen Nadeau, Deputy Manager, Privacy Framework, NIST

12:30 PM Lunch On your own | Dining options available in the workshop vicinity.

1:45 PM Working Session #1
Working sessions 1, 2, and 3 will focus on an in-depth discussion of organizational privacy risk management needs and whether the discussion draft as structured – the Core functions, categories, and subcategories; Profiles; and Implementation Tiers - supports these needs. See badge for assigned group number (1-6). A mapping between group number and room number/location is available on the event page.

Rooms by Group # on Badge:

  • #1: The Biltmore - Georgian Ballroom 
  • #2: Scheller Room 100 
  • #3: Scheller Room 200 
  • #4: Scheller Room 102 
  • #5: Scheller Room 300 
  • #6: Technology Square Research Building (TSRB) GVU Cafe 

3:00 PM Break

3:15 PM Working Session #2
Continue discussions from working session #1. Return to same room as session #1. See badge for assigned group number (1-6). 

Rooms by Group # on Badge:

  • #1: The Biltmore - Georgian Ballroom 
  • #2: Scheller Room 100 
  • #3: Scheller Room 200 
  • #4: Scheller Room 102 
  • #5: Scheller Room 300 
  • #6: Technology Square Research Building (TSRB) GVU Cafe 

4:30 PM Recap of the Day - The Biltmore | Georgian Ballroom

  • Kevin Stine, Chief of the Applied Cybersecurity Division, NIST
  • Naomi Lefkovitz, Senior Privacy Policy Advisor, NIST

4:45 PM Adjourn

May 14 - Tuesday

8:30 AM Working Session #3  
Continue discussions from working session #2. Return to same room as session #2. See badge for assigned group number (1-6).

Rooms by Group # on Badge:

  • #1: The Biltmore - Georgian Ballroom
  • #2: Scheller Room 100 
  • #3: Scheller Room 101 
  • #4: Scheller Room 102 
  • #5: Scheller Room 103 
  • #6: Technology Square Research Building (TSRB) GVU Cafe 

10:30 AM Break

10:45 AM Working Session #4 (concurrent sessions)
Choose one of the following six topics. A mapping between topic and room number/location is available on the event page. Note: All topics will repeat in session #5.

  • Privacy risk management Discuss organizations’ privacy risk management considerations and practices and whether NIST has appropriately addressed these in the discussion draft. | Location: Biltmore - Georgian Ballroom
  • Informative references and roadmap Discuss NIST’s proposed approach to informative references and discuss areas for a roadmap. | Location: Scheller Room 100
  • Workforce Discuss organizations’ workforce needs and how the Privacy Framework might support these needs. | Location: Technology Square Research Building - GVU Cafe
  • Communications Discuss organizations’ communication needs and whether the discussion draft provides a common language accessible for a broad audience. | Location:  Scheller Room 102
  • Small- and medium-sized businesses Discuss the needs of small and medium sized businesses and whether the discussion draft is scalable for a variety of organizations. | Location:  Scheller Room 103
  • Using the framework Engage in a hypothetical use case exercise to stress test the NIST Privacy Framework.  | Location: Scheller Room 101 

12:15 PM Lunch On your own | Dining options available in the workshop vicinity.

1:30 PM Working Session #5 (concurrent sessions)
Choose one of the following six topics. A mapping between topic and room number/location is available on the event page. Note: These are repeated from session #4

  • Privacy risk management: Biltmore - Georgian Ballroom
  • Informative references and roadmap: Scheller Room 100
  • Workforce: Technology Square Research Building - GVU Cafe
  • Communications: Scheller Room 102
  • Small- and medium-sized businesses: Scheller Room 103
  • Using the framework: Scheller Room 101 

3:30 PM Break

3:45 PM Recap and Next Steps - The Biltmore | Georgian Ballroom

  • Kevin Stine, Chief of the Applied Cybersecurity Division, NIST
  • Naomi Lefkovitz, Senior Privacy Policy Advisor, NIST

4:10 PM Closing Remarks
Peter Swire, Elizabeth and Tommy Holder Chair and Professor of Law and Ethics, Georgia Institute of Technology; Senior Counsel, Alston & Bird LLP

4:15 PM Adjourn

Created December 13, 2018, Updated June 26, 2020