- Hamburg Hall
- ELLEN NADEAU
- Privacy Risk Strategist
- National Institute of Standards and Technology
Privacy Risk Management
Changes in technology come with many benefits, but can often give rise to new implications for individuals’ privacy. Privacy practitioners have traditionally tried to address these issues with a compliance-based approach, but the law rarely keeps pace with technological change. Risk management is used to manage the tradeoffs between benefits and adverse consequences; however, when it comes to privacy there is still a dearth of guidance regarding how to effectively do privacy risk management. The Privacy Engineering Program at the National Institute of Standards and Technology (NIST) has been working to develop guidance for repeatable, measurable approaches to identifying and managing privacy risks. This seminar will introduce these NIST concepts, and will guide participants through hands-on activities re: 1) leveraging privacy engineering objectives in system design, and 2) selecting the appropriate controls to mitigate privacy risks in a system.
Ellen Nadeau, Privacy Risk Strategst, National Institute of Standards and Technology, is part of the Privacy Engineering Program at NIST, where she works to develop and pilot privacy risk management guidance and tools for organizations across sectors. She specializes in privacy-enhancing identity management solutions. Ellen received her Master’s of Public Administration from New York University, where she was a Scholar for Service at the NYU Center for Interdisciplinary Studies in Security and Privacy. Previously, Ellen worked at a digital rights nonprofit (Derechos Digitales) in Santiago, Chile, as a Google Policy Fellow, and with the National Center for Missing & Exploited Children in the Netsmartz Workshop.