The IT Law Wiki


National Institute of Standards and Technology, An Introduction to Privacy Risk Engineering and Risk Management in Federal Systems (NISTIR 8062) (Jan. 2017) (full-text).


This document provides an introduction to the concepts of privacy engineering and risk management for federal systems. These concepts establish the basis for a common vocabulary to facilitate better understanding and communication of privacy risk within federal systems, and the effective implementation of privacy principles. This publication introduces two key components to support the application of privacy engineering and risk management: privacy engineering objectives and a privacy risk model.