From IPEN Wiki
Revision as of 14:13, 18 October 2016 by PeterKraus (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

NIST study on privacy risk management framework for Federal Information Systems[edit]


NIST issued in May 2015 a draft report: NISTIR 8062, Privacy Risk Management for Federal Information Systems

The report describes a privacy risk management framework for federal information systems. The framework provides the basis for establishing a common vocabulary to facilitate better understanding of - and communication about - privacy risks and the effective implementation of privacy principles in federal information systems.

Comments are expected by July 13, 2015 at 5:00pm.

URL See 8062 dated May 28: and

Draft document:

Comment matrix form:


[Antonio Kung]

  • defines 3 privacy engineering objectives (predictability, manageability, dissociability)
  • includes an impact factor which focuses on organisational aspects (e.g. reputation). Impact on citizen (e.g. stigmatization) are not included in the privacy risk equation (likelihood x impact) but they have an influence on the organisational impact

ENISA 2015 Study: Privacy and Data Protection-by-Design - from Policy to Engineering[edit]


Report published in January 2015. Report aims to bridge the gap between the legal framework and the available technological implementation measures. It provides an inventory of the existing approaches and privacy design strategies, and the technical building blocks of various degree of maturity from research and development. Limitations and inherent constraints are presented with recommendations for their mitigation.

URL Announcement:
Document Report:

[Antonio Kung]

  • highlights work from Jaap-Henk Hoepman.on Privacy design strategies, based on 4 data oriented strategies (minmise, hide, separate, aggregate) and 4 process oriented strategies (inform, control, enforce, demonstrate). This work is foundational.