NIST Seeks Comments on Proposed Privacy Engineering Objectives and Risk Model Draft Discussion | Practical Law

The National Institute of Standards & Technology (NIST) released the Privacy Engineering Objectives and Risk Model Discussion Draft in connection with the Second Privacy Engineering Workshop held on September 15-16, 2014 and is seeking comments in advance of preparing an Interagency Report.

by Practical Law Intellectual Property & Technology
Law stated as of 22 Sep 2014 | USA (National/Federal)
The National Institute of Standards & Technology (NIST) has released the Privacy Engineering Objectives and Risk Model Discussion Draft as part of the workshop materials for the Second Privacy Engineering Workshop held on September 15 and 16, 2014.
The discussion draft outlines proposed privacy engineering objectives and privacy risk models. As part of the discussion, NIST has proposed three privacy engineering objectives:
  • Predictability, which addresses enabling reliable assumptions about the rationale for the collection and use of personal information.
  • Manageability, which addresses providing the capability for authorized modification of personal information, such as correction or deletion.
  • Confidentiality, which addresses preserving restrictions on access to and disclosure of information, including means for protecting personal privacy and proprietary information.
The discussion draft also suggests a risk management model that:
  • Focuses on the privacy impact on individuals whose information is collected, used, stored and transmitted by information systems.
  • Provides a method for determining the allocation of resources and making informed choices about privacy in systems.
  • Intends to help organizations identify where controls can be most effectively implemented and facilitates proactive steps to mitigate privacy risks.
NIST will also present a webinar on September 26, 2014 discussing the framework. Interested parties may e-mail comments to [email protected] by October 10, 2014. Output from the September workshop and written comments will support the development of a draft NIST Interagency Report, which NIST will also release for public comment.