MITRE's Privacy Engineering Tools and Their Use in a Privacy Assessment Framework

Abstract

Organizations collect and use personally identifiable information (PII) about individuals for many uses, including to provide services and benefits. Many organizations have not fully integrated privacy into their systems engineering processes. Privacy engineering, a systematic, risk-driven process, helps ensure that privacy is addressed from the very beginning as systems are developed. Organizations face severe consequences for not protecting privacy. Some of the scenarios include: reduced organizational effectiveness; curtailment of some programs; a negative impact on people whose PII has been collected, including identity theft; large costs for recovery from privacy incidents; and loss of credibility, confidence, and trust in the organization from affected individuals, the public, and stakeholders.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Oct 10, 2019
Accession Number
AD1125337

Entities

People

  • Julie Mcewen
  • Stuart Shapiro

Organizations

  • MITRE Corporation

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Accumulators
  • Corporations
  • Cycles
  • Engineering
  • Engineers
  • Governments
  • Guidance
  • Identities
  • Infrastructure
  • Law
  • Life Cycles
  • Monitoring
  • Recovery
  • Regulations
  • Resource Management
  • Risk
  • Risk Management
  • Security
  • Standards
  • Systems Engineering

Fields of Study

  • Computer science

Readers

  • Government and Public Administration Law.
  • Life Cycle Cost Analysis
  • Software Engineering.