NIST study on privacy risk management framework for Federal Information Systems
In May 2015, NIST issued a draft report: NISTIR 8062, Privacy Risk Management for Federal Information Systems
The report describes a privacy risk management framework for federal information systems. The framework provides the basis for establishing a common vocabulary to facilitate better understanding of - and communication about - privacy risks and the effective implementation of privacy principles in federal information systems.
A subsequent version was published in January 2017: NISTIR 8062, An Introduction to Privacy Engineering and Risk Management in Federal Systems
This document provides an introduction to the concepts of privacy engineering and risk management for federal systems. These concepts establish the basis for a common vocabulary to facilitate better understanding and communication of privacy risk within federal systems, and the effective implementation of privacy principles. This publication introduces two key components to support the application of privacy engineering and risk management: privacy engineering objectives and a privacy risk model.
Final version: http://nvlpubs.nist.gov/nistpubs/ir/2017/NIST.IR.8062.pdf
ENISA 2015 Study: Privacy and Data Protection-by-Design - from Policy to Engineering
Report published in January 2015. The report aims to bridge the gap between the legal framework and the available technological implementation measures. It provides an inventory of the existing approaches and privacy design strategies, and the technical building blocks of various degrees of maturity from research and development. Limitations and inherent constraints are presented with recommendations for their mitigation.