The National Institute of Standards and Technology is working on guidance in the privacy risk management sector, according to a post on the Inside Privacy blog by Elizabeth Canter, associate at Covington & Burling. The institute is known for its work in the security risk management arena. NIST publishes security and application standards for public and private entities, said Canter. Earlier this week she reported that the institute is now considering drafting privacy definitions for programmers.
NIST’s focus for this new project is “on providing guidance to developers and designers of information systems that handle personal information,” said Canter. She said it can also reduce privacy risk and help make decisions on computer resource allocation and security controls.
The three-tiered focus of the standards comprises predictability, manageability and confidentiality. Regarding predictability, it will outline the rationale for collecting personal information. The standards also seek to explain how and when to modify personal information and how to preserve confidentiality within the data.
The comment period for the draft privacy engineering objectives is open until October 10.