Privacy is a challenging subject that spans a number of domains, including law, policy and technology. Notwithstanding numerous sets of principles, including the foundational Fair Information Practice Principles (FIPPs), that seek to address the handling of individuals' personal information, many concerns exist about the future of privacy in the face of rapidly evolving technologies. Process-oriented principles are an important component of an overall privacy framework, but on their own, they do not achieve consistent and measurable results in privacy protection. In the security field, risk management models, along with technical standards and best practices, are key components of security frameworks. To date, the privacy field has lagged behind in the development of analogous components.
To address these gaps and challenges, and in support of the activities set forth in section 4.9 of the NIST Roadmap for Improving Critical Infrastructure Cybersecurity (developed pursuant to Executive Order 13636), NIST hosted a workshop on privacy engineering. The workshop focused on the advancement of privacy engineering as a basis for the development of technical standards and best practices for the protection of individuals' privacy or civil liberties. By examining existing models such as security engineering and safety risk management, the workshop explored the concepts of a privacy risk management model, privacy requirements and system design and development.