Inside Cybersecurity

NIST’s draft privacy-engineering concepts avoid defining privacy

By Christopher J. Castelli / October 3, 2014

The draft privacy engineering concepts issued by the National Institute of Standards and Technology deliberately avoid trying to define privacy itself, according to Naomi Lefkovitz, the agency's senior privacy policy adviser.

NIST is seeking public comments through Oct. 15 on a proposed definition for privacy engineering, three privacy-engineering objectives – predictability, manageability and confidentiality – and a system privacy risk model.

“There's still a lot of discussion about what privacy is,” Lefkovitz said Thursday during a webcast on the effort, “and privacy can mean many things to many people.”

The agency has sought to develop design objectives that could help to support various views on what privacy might mean in any particular organization, she said, “but not to make any definitive determination.”

The lack of consensus in society about the definition of privacy is not a showstopper for the project, Lefkovitz said. “There are many areas where we don't always necessarily have consensual policy, but we are still able to do research and look at ways to mitigate risk,” she said. “So it is very possible that we may never come to a complete consensus around what privacy is, but we can still have functioning models that help us mitigate risk better than we're doing today.”

When members of the public submit comments on the draft documents, they should not focus on the meaning of privacy but rather on whether the objectives proposed by the agency would support various notions of privacy, she said.

Security and privacy overlap, but they are not the same thing, she said.

In 2015, the agency hopes to issue a draft NIST Interagency Report (NISTIR) on privacy engineering, conduct a third workshop to help refine the document and then issue the report in final form.

Asked who the audience is for NIST’s privacy-engineering work, Lefkovitz said the agency needs help determining the answer.

“We need to probably clarify and expand on [that] in the NISTIR, so we actually welcome your feedback on where you think that these draft engineering objectives would be most helpful,” she said.

-- Christopher J. Castelli (ccastelli@iwpnews.com)