On January 4, 2017, the National Institute of Standards and Technology (“NIST”) published the final version of NIST IR 8062 “An Introduction to Privacy Engineering and Risk management in Federal Systems.” The report introduces the concept of applying systems engineering practices to privacy and provides a new model for conducting privacy risk assessments on systems. In the blog post accompanying the release, NIST notes that the report is intended to address the absence of a vocabulary for talking about privacy outcomes and to produce “processes that are repeatable and could lead to measurable results.”
To this end, the report introduces three (3) privacy engineering objectives, which are intended to help system designers, engineers and policy teams to help “bridge the gap between high-level privacy principles and their implementation within systems.” These objectives are defined as follows:
Continue Reading NIST Publishes Introduction to Privacy Engineering and Risk Management to Assist Agencies and Organizations in Designing Privacy-Compliant Systems