NIST Will Present Draft Privacy Engineering Objectives

By David Bruggeman
September 29, 2014

On Thursday, October 2, the National Institute of Standards and Technology (NIST) has a webcast scheduled to present its draft (including a discussion deck) Privacy Engineering Objectives and Risk Model.  The development of these materials has been informed by two Privacy Engineering workshops that NIST co-hosted with the International Association of Privacy Professionals.

The current draft available online was prepared in advance of the second Privacy Engineering workshop, and whatever NIST releases on October 2 may reflect additional changes.  It’s focus is on protecting privacy in the course of unanticipated consequences of normal system behavior.  Malicious actors and attacks can be mitigated through security procedures.

Part of the motivation for this document is to address communications gaps around privacy and the development of tools to measure the effectiveness of privacy practices.  The objectives are not intended to describe a complete privacy risk management framework, as they are just one component of such a model.  NIST intends to add more components over time, but is focused on the objectives and the risk model for now.

Comments are being taken on the draft objectives and risk model until October 15.  They can be sent to privacyeng at