Privacy is a challenging subject that spans a number of domains, including law, policy and technology. Notwithstanding numerous sets of principles, including the foundational Fair Information Practice Principles (FIPPs), that seek to address the handling of individuals' personal information, many concerns exist about the future of privacy in the face of rapidly evolving technologies. Process-oriented principles are an important component of an overall privacy framework, but on their own, they do not achieve consistent and measurable results in privacy protection. In the security field, risk management models, along with technical standards and best practices are key components of security frameworks. To date, the privacy field has lagged behind in the development of analogous components.
To address these gaps and challenges, and in support of the activities set forth in section 4.9 of the NIST Roadmap for Improving Critical Infrastructure Cybersecurity (developed pursuant to Executive Order 13636), NIST hosted a workshop on privacy engineering. The workshop focused on the advancement of privacy engineering as a basis for the development of technical standards and best practices for the protection of individuals' privacy or civil liberties. By examining existing models such as security engineering and safety risk management, the workshop explored the concepts of a privacy risk management model, privacy requirements and system design and development.
|April 9, 2014
Evolving OASIS Privacy by Design Standards
Dawn Jutla - OASIS
Privacy Engineering: Examples of System Design Strategy
Travis Breaux - Carnegie Mellon University
How Do We Make Privacy Protection Tractable?
Starts: April 09, 2014 - 09:30 AM EDT
Ends: April 10, 2014 - 12:30 PM EDT
Format: Both Type: Workshop
Attendance Type: Open to public
Audience Type: Industry,Government,Academia
NIST Gaithersburg, Maryland
Security and Privacy: privacy engineering