IPEN Wiki - User contributions [en]

Events

2017-11-10T15:56:29Z

JoseDelAlamo: IWPE added

{| width="1174" border="1" cellpadding="1" cellspacing="1"
|-
| April 27, 2018
| 4th International Workshop on Privacy Engineering (IWPE)
| [http://iwpe.info [1]]
|-
| January 24-26, 2018
| CPDP Brussels 
| [http://www.cpdpconferences.org/index.html http://www.cpdpconferences.org/index.html] 
|-
| June 9 2017 
| 4th IPEN Workshop, Vienna 
| [https://edps.europa.eu/node/4184 [1]] 
|-
| June 7-8 2017 
| 5th Annual Privacy Forum, Vienna 
| [http://privacyforum.eu/ [2]] 
|-
| June 05 2017 
| NIST workshop: Privacy Risk Assessment: A Prerequisite for Privacy Risk Management 
| [https://www.nist.gov/news-events/events/2017/06/privacy-risk-assessment-prerequisite-privacy-risk-management https://www.nist.gov/news-events/events/2017/06/privacy-risk-assessment-prerequisite-privacy-risk-management] 
|-
| May 25 2017 
| 2017 International Workshop on Privacy Engineering – IWPE'17
| [https://ieee-security.org/TC/SPW2017/IWPE/index.html https://ieee-security.org/TC/SPW2017/IWPE/index.html] 
|-
| May 17-19 2017 
| TILTing, Tilburg 
| [https://www.tilburguniversity.edu/research/institutes-and-research-groups/tilt/events/tilting-perspectives/ https://www.tilburguniversity.edu/research/institutes-and-research-groups/tilt/events/tilting-perspectives/] 
|-
| May 9 2017
| EIC OASIS privacy engineering workshop
| [https://www.kuppingercole.com/events/eic2017-oasis https://www.kuppingercole.com/events/eic2017-oasis] 
|-
| Jan 25-27 2017 
| CPDP Brussels 
| [http://www.cpdpconferences.org/index.html http://www.cpdpconferences.org/index.html] 
|-
| Sept 9 2016 
| 3rd IPEN workshop, Frankfurt 
| [https://edps.europa.eu/node/3496 [3]] 
|-
| Sept 7-8 2016
| 4th Annual Privacy Forum, Fra
| [http://privacyforum.eu/ http://privacyforum.eu/] 
|-
| May 2016
| IEEE International Workshop on Privacy Engineering
| [http://ieee-security.org/TC/SPW2016/IWPE/program.html http://ieee-security.org/TC/SPW2016/IWPE/program.html] 
|-
| January 27-29 2016
| 9th International conference, Computer Privacy & Data Protection conference, Brussels
| [http://www.cpdpconferences.org/ http://www.cpdpconferences.org/] 
|-
| October 23-26 2015
| Amsterdam privacy conference
| [http://www.apc2015.net/ http://www.apc2015.net/] 
|-
| October 7-8 2015
| 3rd Annual Privacy Forum, Luxemburg
| [http://privacyforum.eu/ http://privacyforum.eu/] 
|-
| August 31-September 1 2015
| CCC Privacy-by-design workshop, Pittsburgh
| [http://www.cra.org/ccc/visioning/visioning-activities/privacy-by-design http://www.cra.org/ccc/visioning/visioning-activities/privacy-by-design] 
|-
| July 8-9 2015
|
OASIS conference Ditton Manor UK (Building trust in a hyperconnected world)

| [https://www.oasis-open.org/events/hyperconnected-2015 https://www.oasis-open.org/events/hyperconnected-2015] 
|-
| June 5th 2015
| IPEN Workshop Leuven
| [https://secure.edps.europa.eu/EDPSWEB/edps/EDPS/IPEN/IPEN_Workshop_2015 https://secure.edps.europa.eu/EDPSWEB/edps/EDPS/IPEN/IPEN_Workshop_2015] 
|}

Wiki for Privacy Standards and Privacy Projects

2017-11-10T15:53:47Z

JoseDelAlamo: Added IWPE to the events list.

== Objective of this Wiki ==

During the [https://secure.edps.europa.eu/EDPSWEB/edps/site/mySite/lang/en/IPEN_Workshop_2015 IPEN workshop held in Leuven on June 5th 2015], it was agreed that the IPEN community would benefit from the creation of a repository of information on activities related to privacy engineering initiatives and standards. The wiki was further extended in 2016 to cover privacy engineering projects

The objective of this Wiki is to be a tool allowing stakeholders interested in privacy engineering and standardisation to find resources and to identify and seek harmonisation and convergence opportunities.

== Membership ==

IPEN members can register to this Wiki as contributors (i.e. providing information and comments on privacy standards activities).

If you wish to contribute please read the [[Rules for Contribution|Rules for Contribution]].

'''Contact [[Special:Contact|Antonio Kung]] to become a contributor.'''

== Content of the wiki ==

=== This section contains an overview of the content and short explanations to the items. ===

=== Privacy Standards ===

{| class="mw-collapsible mw-collapsed autocollapse"
|-
| Click expand to find links to information regarding various standardisation organizations and their work on privacy and data protection standards 
|-
|
*The [https://ipen.trialog.com/wiki/ISO ISO], International Organization for Standardisation, has standards on e.g. Privacy Engineering or BigData

|-
|
*The [https://ipen.trialog.com/wiki/OpenId_Foundation_Activities OpenID Foundation] is a non-profit international standardization organization and has Workingroups regarding e.g. privacy and health related data

|-
|
*The [https://ipen.trialog.com/wiki/OASIS OASIS], Organization for the Advancement of Structured Information Standards, is e.g. working on Standards for Privacy Management Reference Model and Methodology.

|-
|
*The [https://ipen.trialog.com/wiki/W3C_Activities W3C Activities], World Wide Web Consortium, has a privacy group working e.g. on Tracking Protection.

|-
|
*The [https://ipen.trialog.com/wiki/IETF_Activities IETF Activities], Internet Engineering Taskforce, is working on the RFC 6973 [https://tools.ietf.org/html/rfc6973 "Privacy Considerations for Internet Protocols"]

|-
|
*The [https://ipen.trialog.com/wiki/IEEE_Activities IEEE Activities]

|-
|
*The [https://ipen.trialog.com/wiki/ITU_Activities ITU Activities]

|-
|
*There exist diverse [https://ipen.trialog.com/wiki/National_Level_Activities National Level Standards] regarding privacy, some with which IPEN members are invovled, can be found [http://ipen.trialog.com/wiki/National_Level_Activities here].

|-
|
*The European commission has issued a mandate to [http://ipen.trialog.com/wiki/CEN-CENELEC-ETSI_Activities European Standardisation Organisations], ESOs, to work on standards relating to privacy management of security products and related services.

|}

=== Privacy Engineering Projects ===

{| class="mw-collapsible mw-collapsed autocollapse"
|-
| Find in the following information on different projects that follow Privacy Engineering ideas such as privacy and data protection by design and by default.
|-
|
*With its [https://ipen.trialog.com/wiki/App_PETs APP Pets] project the [https://www.datenschutzzentrum.de/ Datenschutzzentrum (ULD)] is working on privacy enhancing technologies for smart device apps

|-
|
*The goal of [https://ipen.trialog.com/wiki/AN_ON_Next AN.ON-Next] by the [https://www.datenschutzzentrum.de/ Datenschutzzentrum (ULD)] is to integrate processes for anonymization into the internet infrastructure.

|-
|
*The [https://ipen.trialog.com/wiki/CREDENTIAL CREDENTIAL] project's goal is to enable end-to-end security and improved privacy in cloud identity management services for managing secure access control.

|-
|
*The [https://ipen.trialog.com/wiki/DNT_Guide DNT Guide] aims at helping website owners to implement the Do Not Track (DNT) standard.

|-
|
*With the [https://ipen.trialog.com/wiki/PARIS PARIS] project sets out to define and demonstrate a methodological approach for the development of a surveillance infrastructure which enforces the right of citizens for privacy, justice and freedom.

|-
|
*The mission of [https://ipen.trialog.com/wiki/PRIPARE PRIPARE] is to facilitate the application of a privacy and security-by-design methodology and to foster a risk management culture through educational material.

|-
|
*The [https://ipen.trialog.com/wiki/PRISMACLOUD PRISMACLOUD] produces tools to enable end-to-end security and thus allowing users to protect their privacy by cryptographic means.

|-
|
*The [https://ipen.trialog.com/wiki/Privacypatterns Privacypatterns] project provides building blocks for developers to advance privacy and data protection by design.

|-
|
*[https://ipen.trialog.com/wiki/Signatu Signatu] provides a service for companies to MAP their data processing activities, to create privacy policies and to track their users consent or consent withdrawal.

|}

=== Other Privacy projects, Events and Presentations ===

{| class="mw-collapsible mw-collapsed autocollapse"
|-
| Find in the following an overview of other privacy projects and events
|-
|
*Multiple institutions have worked on [https://ipen.trialog.com/wiki/DPIA_and_PIA_Guidelines Guidelines] for Privacy and Data Protection Impact Assessments.

|-
|
*You can find various [https://ipen.trialog.com/wiki/Studies Studies on Privacy and DP here.]

|-
|
*The [https://ipen.trialog.com/wiki/OWASP OWASP Top 10 Project] lists the current top 10 privacy risks.

|-
|
*The [https://ipen.trialog.com/wiki/Business_Process_CB Business Process Cookbook] is an open repository to integrate Privacy and DP by design into business processes.

|-
|
*Privacy related [https://ipen.trialog.com/wiki/Events Events]: see past and upcoming events in Europe

|-
|
* [https://ipen.trialog.com/wiki/Presentations Presentations] or interest on privacy

|-
|
*The [http://iwpe.info International Workshop on Privacy Engineering] is a yearly event to share and discuss the lates reaserch in the field.

|}

== Content Overview table ==

{| style="width:75%;" align="center" cellpadding="0" cellspacing="0"
|-
! style="width: 30%; background-color: #00cccc" |
Privacy Standards

! style="width: 30%; background-color: #51AC41" |
Privacy Engineering Projects

! style="width: 30%; background-color: #efe662" |
Other Privacy Projects / Events / Presentations

|-
| style="width: 30%; background-color: #00cccc" |
*[https://ipen.trialog.com/wiki/ISO ISO]

| style="width: 30%; background-color: #51AC41" |
*[https://ipen.trialog.com/wiki/App_PETs APP Pets]

| style="width: 30%; background-color: #efe662" |
*[https://ipen.trialog.com/wiki/DPIA_and_PIA_Guidelines DPIA and PIA guidelines]

|-
| style="width: 30%; background-color: #00cccc" |
*[https://ipen.trialog.com/wiki/OpenId_Foundation_Activities OpenID Foundation]

| style="width: 30%; background-color: #51AC41" |
*[https://ipen.trialog.com/wiki/AN_ON_Next AN.ON-Next]

| style="width: 30%; background-color: #efe662" |
*[https://ipen.trialog.com/wiki/Studies Studies]

|-
| style="width: 30%; background-color: #00cccc" |
*[https://ipen.trialog.com/wiki/OASIS OASIS]

| style="width: 30%; background-color: #51AC41" |
*[https://ipen.trialog.com/wiki/CREDENTIAL CREDENTIAL]

| style="width: 30%; background-color: #efe662" |
*[https://ipen.trialog.com/wiki/OWASP OWASP]

|-
| style="width: 30%; background-color: #00cccc" |
*[https://ipen.trialog.com/wiki/W3C_Activities W3C Activities]

| style="width: 30%; background-color: #51AC41" |
*[https://ipen.trialog.com/wiki/DNT_Guide DNT Guide]

| style="width: 30%; background-color: #efe662" |
*[https://ipen.trialog.com/wiki/Business_Process_CB Business Process Cookbook]

|-
| style="width: 30%; background-color: #00cccc" |
*[https://ipen.trialog.com/wiki/IETF_Activities IETF Activities]

| style="width: 30%; background-color: #51AC41" |
*[https://ipen.trialog.com/wiki/PARIS PARIS]

| style="width: 30%; background-color: #efe662" |
*[https://ipen.trialog.com/wiki/Events Events]

|-
| style="width: 30%; background-color: #00cccc" |
*[https://ipen.trialog.com/wiki/CEN-CENELEC-ETSI_Activities CEN-CENELEC-ETSI]

| style="width: 30%; background-color: #51AC41" |
*[https://ipen.trialog.com/wiki/PRIPARE PRIPARE]

| style="width: 30%; background-color: #efe662" |
*[https://ipen.trialog.com/wiki/Presentations Presentations]

|-
| style="width: 30%; background-color: #00cccc" |
*[https://ipen.trialog.com/wiki/National_Level_Activities National Level Standards]

| style="width: 30%; background-color: #51AC41" |
*[https://ipen.trialog.com/wiki/PRISMACLOUD PRISMACLOUD]

| style="width: 30%; background-color: #efe662" | 
|-
| style="width: 30%; background-color: #00cccc" |
*[https://ipen.trialog.com/wiki/IEEE_Activities IEEE standards]

| style="width: 30%; background-color: #51AC41" |
*[https://ipen.trialog.com/wiki/Privacypatterns Privacypatterns]

| style="width: 30%; background-color: #efe662" |
 

|-
| style="width: 30%; background-color: #00cccc" |
* [https://ipen.trialog.com/wiki/ITU_Activities ITU standards]

| style="width: 30%; background-color: #51AC41" |
*[https://ipen.trialog.com/wiki/Signatu Signatu]

| style="width: 30%; background-color: #efe662" |
 

|}

== More on IPEN - Internet Privacy Engineering Network ==

The purpose of IPEN ([http://www.engineeringprivacy.eu/ www.engineeringprivacy.eu]) is to bring together developers and data protection experts with a technical background from different areas in order to launch and support projects that build privacy into everyday tools and develop new tools which can effectively protect and enhance our privacy.

== Sponsors and Support ==

This Wiki is sponsored by ''[https://trialog.com TRIALOG]'' and supported by the [http://pripareproject.eu/ PRIPARE] project

{| style="text-align: center; width: 100%" align="center" border="0" cellpadding="1" cellspacing="1"
|-
| style="width: 50%" | [[File:LOGO TRIALOG 200 small 2.png|LOGO TRIALOG 200 small 2.png|link=http://www.trialog.com/]] 
| [[File:Logo Pripare-Large-clear.png|Logo Pripare-Large-clear.png|link=http://pripareproject.eu/]] 
|}

Other Activities

2015-07-02T09:06:38Z

JoseDelAlamo:

== Introduction ==

This pages covers other activities which could be of interest: guidelines, studies, events

== Guidelines ==

=== EC Data Protection Impact Assessment Template for Smart Grid and Smart Metering Systems ===

{| border="1" cellspacing="1" cellpadding="1" style="width: 900px;"
|-
| Context
|
The Smart Grids Task Force was set up by the European Commission in 2009 to advise on issues related to smart grid deployment and development. One of the working group (WG2) is on security and privacy.

The EC has provided a Data Protection Impact Assessment Template for smart grid and smart metering systems.

The EC has decided to have a two-year trial of the template starting from March 2015.

|-
| URL
|
Smart grid task force: [http://ec.europa.eu/energy/en/topics/markets-and-consumers/smart-grids-and-meters http://ec.europa.eu/energy/en/topics/markets-and-consumers/smart-grids-and-meters]

Test phase for template: [https://ec.europa.eu/energy/en/test-phase-data-protection-impact-assessment-dpia-template-smart-grid-and-smart-metering-systems https://ec.europa.eu/energy/en/test-phase-data-protection-impact-assessment-dpia-template-smart-grid-and-smart-metering-systems]

|-
| Documents
| Template document: [https://ec.europa.eu/energy/sites/ener/files/documents/2014_dpia_smart_grids_forces.pdf https://ec.europa.eu/energy/sites/ener/files/documents/2014_dpia_smart_grids_forces.pdf]
|-
| Comments
|
[Antonio Kung] 

*Integrates lots of input from CNIL privacy risk analysis

|}

=== CNIL Privacy Risk analysis ===

{| border="1" cellspacing="1" cellpadding="1" style="width: 900px;"
|-
| Context
| CNIL is the French DPA. It has produced two guidelines in November 2012
*a methodology for managing the risks that can affect the individuals ;
*a catalogue of measures and best practices to treat the risks identified with the methodology.

The two new guides propose a way to build a comprehensive analysis to handle complex personal data processing operations. These documents are primarily intended for use by controllers, data protection officers (DPO) and chief information security officers (CISO). They assist them in creating a rational understanding of the risks arising from the processing of personal data and to choose necessary and sufficient organizational and technical measures to protect privacy.

|-
| URL
| English web page: [http://www.cnil.fr/english/news-and-events/news/article/the-cnil-publishes-an-english-translation-of-its-two-advanced-security-and-privacy-risk-management/ http://www.cnil.fr/english/news-and-events/news/article/the-cnil-publishes-an-english-translation-of-its-two-advanced-security-and-privacy-risk-management/]
|-
| Document
|
Methodology to manage risk: [http://www.cnil.fr/fileadmin/documents/en/CNIL-ManagingPrivacyRisks-Methodology.pdf http://www.cnil.fr/fileadmin/documents/en/CNIL-ManagingPrivacyRisks-Methodology.pdf]

Measures for the privacy risk treatment: [http://www.cnil.fr/fileadmin/documents/en/CNIL-ManagingPrivacyRisks-Measures.pdf http://www.cnil.fr/fileadmin/documents/en/CNIL-ManagingPrivacyRisks-Measures.pdf]

|-
| Comments
|
[Antonio Kung]

*inspired from EBIOS security risk analysis.

|}

== Studies ==

=== NIST study on privacy risk management framework for Federal Information Systems ===

{| border="1" cellspacing="1" cellpadding="1" style="width: 900px;"
|-
| Context
|
NIST issued in May 2015 a draft report: NISTIR 8062, Privacy Risk Management for Federal Information Systems

The report describes a privacy risk management framework for federal information systems. The framework provides the basis for establishing a common vocabulary to facilitate better understanding of - and communication about - privacy risks and the effective implementation of privacy principles in federal information systems.

Comments are expected by July 13, 2015 at 5:00pm.

|-
| URL
| See 8062 dated May 28: [http://csrc.nist.gov/publications/PubsDrafts.html http://csrc.nist.gov/publications/PubsDrafts.html] and [http://www.nist.gov/itl/201506_privacy_framework.cfm http://www.nist.gov/itl/201506_privacy_framework.cfm]
|-
| Document
|
Draft document: [http://csrc.nist.gov/publications/drafts/nistir-8062/nistir_8062_draft.pdf http://csrc.nist.gov/publications/drafts/nistir-8062/nistir_8062_draft.pdf]

Comment matrix form: [http://csrc.nist.gov/publications/drafts/nistir-8062/nistir_8062_draft_comment_matrix.xls http://csrc.nist.gov/publications/drafts/nistir-8062/nistir_8062_draft_comment_matrix.xls]

|-
| Comments
|
[Antonio Kung]

*defines 3 privacy engineering objectives (predictability, manageability, dissociability)
*focuses on organisational risks (e.g. reputation). Does not focus at this point on risks for citizens 

|}

=== ENISA 2015 Study: Privacy and Data Protection-by-Design - from Policy to Engineering ===

{| border="1" cellspacing="1" cellpadding="1" style="width: 900px;"
|-
| Context
|
Report published in January 2015. Report aims to bridge the gap between the legal framework and the available technological implementation measures. It provides an inventory of the existing approaches and privacy design strategies, and the technical building blocks of various degree of maturity from research and development. Limitations and inherent constraints are presented with recommendations for their mitigation.

|-
| URL
| Announcement: [https://www.enisa.europa.eu/media/news-items/deciphering-the-landscape-for-privacy-by-design https://www.enisa.europa.eu/media/news-items/deciphering-the-landscape-for-privacy-by-design]
|-
| Document
| Report: [https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/privacy-and-data-protection-by-design/at_download/fullReport https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/privacy-and-data-protection-by-design/at_download/fullReport]
|-
| Comments
|
[Antonio Kung]

*highlights work from Jaap-Henk Hoepman.on Privacy design strategies, based on 4 data oriented strategies (minmise, hide, separate, aggregate) and 4 process oriented strategies (inform, control, enforce, demonstrate). This work is foundational.

|}

== Events ==

{| border="1" cellspacing="1" cellpadding="1" style="width: 900px;"
|-
| May 2016
| IEEE International Workshop on Privacy Engineering
| [http://ieee-security.org/TC/SPW2015/IWPE http://ieee-security.org/TC/SPW2015/IWPE] 
|-
| Jan 27-29
| CPDP, Brussels
| [http://www.cpdpconferences.org/ http://www.cpdpconferences.org/] 
|-
| Oct 7-8 2015
| Annual Privacy Forum, Luxemburg
| [http://privacyforum.eu/ http://privacyforum.eu/] 
|-
| Aug 31-Sept 1 2015
| CCC Privacy-by-design workshop, Pittsburgh
| [http://www.cra.org/ccc/visioning/visioning-activities/privacy-by-design http://www.cra.org/ccc/visioning/visioning-activities/privacy-by-design] 
|-
| July 8-9 2015
|
OASIS conference Ditton Manor UK (Building trust in a hyperconnected world)

| [https://www.oasis-open.org/events/hyperconnected-2015 https://www.oasis-open.org/events/hyperconnected-2015] 
|-
| June 5th 2015
| IPEN Workshop Leuven
| [https://secure.edps.europa.eu/EDPSWEB/edps/EDPS/IPEN/IPEN_Workshop_2015 https://secure.edps.europa.eu/EDPSWEB/edps/EDPS/IPEN/IPEN_Workshop_2015] 
|}

Other Activities

2015-07-02T09:05:36Z

JoseDelAlamo:

== Introduction ==

This pages covers other activities which could be of interest: guidelines, studies, events

== Guidelines ==

=== EC Data Protection Impact Assessment Template for Smart Grid and Smart Metering Systems ===

{| border="1" cellspacing="1" cellpadding="1" style="width: 900px;"
|-
| Context
|
The Smart Grids Task Force was set up by the European Commission in 2009 to advise on issues related to smart grid deployment and development. One of the working group (WG2) is on security and privacy.

The EC has provided a Data Protection Impact Assessment Template for smart grid and smart metering systems.

The EC has decided to have a two-year trial of the template starting from March 2015.

|-
| URL
|
Smart grid task force: [http://ec.europa.eu/energy/en/topics/markets-and-consumers/smart-grids-and-meters http://ec.europa.eu/energy/en/topics/markets-and-consumers/smart-grids-and-meters]

Test phase for template: [https://ec.europa.eu/energy/en/test-phase-data-protection-impact-assessment-dpia-template-smart-grid-and-smart-metering-systems https://ec.europa.eu/energy/en/test-phase-data-protection-impact-assessment-dpia-template-smart-grid-and-smart-metering-systems]

|-
| Documents
| Template document: [https://ec.europa.eu/energy/sites/ener/files/documents/2014_dpia_smart_grids_forces.pdf https://ec.europa.eu/energy/sites/ener/files/documents/2014_dpia_smart_grids_forces.pdf]
|-
| Comments
|
[Antonio Kung] 

*Integrates lots of input from CNIL privacy risk analysis

|}

=== CNIL Privacy Risk analysis ===

{| border="1" cellspacing="1" cellpadding="1" style="width: 900px;"
|-
| Context
| CNIL is the French DPA. It has produced two guidelines in November 2012
*a methodology for managing the risks that can affect the individuals ;
*a catalogue of measures and best practices to treat the risks identified with the methodology.

The two new guides propose a way to build a comprehensive analysis to handle complex personal data processing operations. These documents are primarily intended for use by controllers, data protection officers (DPO) and chief information security officers (CISO). They assist them in creating a rational understanding of the risks arising from the processing of personal data and to choose necessary and sufficient organizational and technical measures to protect privacy.

|-
| URL
| English web page: [http://www.cnil.fr/english/news-and-events/news/article/the-cnil-publishes-an-english-translation-of-its-two-advanced-security-and-privacy-risk-management/ http://www.cnil.fr/english/news-and-events/news/article/the-cnil-publishes-an-english-translation-of-its-two-advanced-security-and-privacy-risk-management/]
|-
| Document
|
Methodology to manage risk: [http://www.cnil.fr/fileadmin/documents/en/CNIL-ManagingPrivacyRisks-Methodology.pdf http://www.cnil.fr/fileadmin/documents/en/CNIL-ManagingPrivacyRisks-Methodology.pdf]

Measures for the privacy risk treatment: [http://www.cnil.fr/fileadmin/documents/en/CNIL-ManagingPrivacyRisks-Measures.pdf http://www.cnil.fr/fileadmin/documents/en/CNIL-ManagingPrivacyRisks-Measures.pdf]

|-
| Comments
|
[Antonio Kung]

*inspired from EBIOS security risk analysis.

|}

== Studies ==

=== NIST study on privacy risk management framework for Federal Information Systems ===

{| border="1" cellspacing="1" cellpadding="1" style="width: 900px;"
|-
| Context
|
NIST issued in May 2015 a draft report: NISTIR 8062, Privacy Risk Management for Federal Information Systems

The report describes a privacy risk management framework for federal information systems. The framework provides the basis for establishing a common vocabulary to facilitate better understanding of - and communication about - privacy risks and the effective implementation of privacy principles in federal information systems.

Comments are expected by July 13, 2015 at 5:00pm.

|-
| URL
| See 8062 dated May 28: [http://csrc.nist.gov/publications/PubsDrafts.html http://csrc.nist.gov/publications/PubsDrafts.html] and [http://www.nist.gov/itl/201506_privacy_framework.cfm http://www.nist.gov/itl/201506_privacy_framework.cfm]
|-
| Document
|
Draft document: [http://csrc.nist.gov/publications/drafts/nistir-8062/nistir_8062_draft.pdf http://csrc.nist.gov/publications/drafts/nistir-8062/nistir_8062_draft.pdf]

Comment matrix form: [http://csrc.nist.gov/publications/drafts/nistir-8062/nistir_8062_draft_comment_matrix.xls http://csrc.nist.gov/publications/drafts/nistir-8062/nistir_8062_draft_comment_matrix.xls]

|-
| Comments
|
[Antonio Kung]

*defines 3 privacy engineering objectives (predictability, manageability, dissociability)
*focuses on organisational risks (e.g. reputation). Does not focus at this point on risks for citizens 

|}

=== ENISA 2015 Study: Privacy and Data Protection-by-Design - from Policy to Engineering ===

{| border="1" cellspacing="1" cellpadding="1" style="width: 900px;"
|-
| Context
|
Report published in January 2015. Report aims to bridge the gap between the legal framework and the available technological implementation measures. It provides an inventory of the existing approaches and privacy design strategies, and the technical building blocks of various degree of maturity from research and development. Limitations and inherent constraints are presented with recommendations for their mitigation.

|-
| URL
| Announcement: [https://www.enisa.europa.eu/media/news-items/deciphering-the-landscape-for-privacy-by-design https://www.enisa.europa.eu/media/news-items/deciphering-the-landscape-for-privacy-by-design]
|-
| Document
| Report: [https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/privacy-and-data-protection-by-design/at_download/fullReport https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/privacy-and-data-protection-by-design/at_download/fullReport]
|-
| Comments
|
[Antonio Kung]

*highlights work from Jaap-Henk Hoepman.on Privacy design strategies, based on 4 data oriented strategies (minmise, hide, separate, aggregate) and 4 process oriented strategies (inform, control, enforce, demonstrate). This work is foundational.

|}

== Events ==

{| border="1" cellspacing="1" cellpadding="1" style="width: 900px;"
|-
| May 2016
| IEEE International Workshop on Privacy Engineering
| [http://ieee-security.org/TC/SPW2015/IWPE] 
|-
| Jan 27-29
| CPDP, Brussels
| [http://www.cpdpconferences.org/ http://www.cpdpconferences.org/] 
|-
| Oct 7-8 2015
| Annual Privacy Forum, Luxemburg
| [http://privacyforum.eu/ http://privacyforum.eu/] 
|-
| Aug 31-Sept 1 2015
| CCC Privacy-by-design workshop, Pittsburgh
| [http://www.cra.org/ccc/visioning/visioning-activities/privacy-by-design] 
|-
| July 8-9 2015
|
OASIS conference Ditton Manor UK (Building trust in a hyperconnected world)

| [https://www.oasis-open.org/events/hyperconnected-2015 https://www.oasis-open.org/events/hyperconnected-2015] 
|-
| June 5th 2015
| IPEN Workshop Leuven
| [https://secure.edps.europa.eu/EDPSWEB/edps/EDPS/IPEN/IPEN_Workshop_2015 https://secure.edps.europa.eu/EDPSWEB/edps/EDPS/IPEN/IPEN_Workshop_2015] 
|}

IETF Activities

2015-06-19T14:49:45Z

JoseDelAlamo:

[[File:IETF.png]]

[https://tools.ietf.org/html/rfc6973 '''RFC 6973: Privacy Considerations for Internet Protocols''']

W3C Activities

2015-06-19T14:49:34Z

JoseDelAlamo:

[[File:W3C.png]]

[http://www.w3.org/Privacy/ W3C Privacy Interest Group]

User:JoseDelAlamo

2015-06-19T14:39:18Z

JoseDelAlamo: Created page with "Jose M. del Alamo - [http://www.dit.upm.es/~jmdela/index_en.html Homepage]"

Jose M. del Alamo - [http://www.dit.upm.es/~jmdela/index_en.html Homepage]

Contacts

2015-06-19T14:38:14Z

JoseDelAlamo:

=== Subscription ===

Please contact [[Users:Antoniok|Antonio Kung]] (''TRIALOG'').

=== Contacts ===

{| class="wikitable"
|-
! scope="col" | Name
! scope="col" | Company
! scope="col" style="width: 15%" | Contact Informations
! scope="col" style="width: 40%" | Presentation
|-
| valign="top" | [[User:Antoniok|Antonio Kung]]
| valign="top" | [http://trialog.com Trialog]
| valign="top" | antonio.kung@trialog.com
| valign="top" |
|-
| valign="top" | [[User:Olivierm|Olivier Maridat]]
| valign="top" | [http://trialog.com Trialog]
| valign="top" | olivier.maridat@trialog.com
| valign="top" |
|-
| valign="top" | [[User:JoseDelAlamo|Jose M. del Alamo]]
| valign="top" | [http://www.dit.upm.es Universidad Politécnica de Madrid]
| valign="top" | jmdela@dit.upm.es
| valign="top" | [http://www.dit.upm.es/~jmdela/index_en.html Homepage]
|-
| valign="top" | [[User:YodSamuelMartin|Yod-Samuel Martin]]
| valign="top" | [http://ww.dit.upm.es Universidad Politécnica de Madrid]
| valign="top" | samuelm@dit.upm.es
| valign="top" |
|}