/PrivacyEngCollabSpace

Privacy Engineering Collaboration Space

Primary LanguagePython

Privacy Engineering Collaboration Space

The NIST Privacy Engineering Collaboration Space is an online venue open to the public where practitioners can discover, share, discuss, and improve upon open source tools, solutions, and processes that support privacy engineering and risk management.

Focus Areas

We have launched this space with an initial focus on de-identification and privacy risk assessment tools and use cases, and welcome feedback on topics of interest from the community.

  • De-identification: a technique or process applied to a dataset with the goal of preventing or limiting certain types of privacy risks to individuals, protected groups, and establishments, while still allowing for the production of aggregate statistics. This focus area includes a broad scope of de-identification to allow for noise-introducing techniques such as differential privacy, data masking, and the creation of synthetic datasets that are based on privacy-preserving models.

  • Privacy Risk Assessment: a process that helps organizations to analyze and assess privacy risks for individuals arising from the processing of their data. This focus area includes, but is not limited to, risk models, risk assessment methodologies, and approaches to determining privacy risk factors.

Contribute to the Space

Contributions come in three categories:

  1. Tool: A tool can be an open source solution or process, ranging from software to frameworks.
  2. Use Case: A use case is an example of an organization processing data about individuals for some explicit purpose(s) (e.g., where a goal is to prevent re-identification of the data during its processing, improve privacy risk assessment practices).
  3. Feedback: Help the community. Provide feedback on tools and use cases.

Tools and use cases are contributed via pull requests, while feedback is contributed via issues. Contributed tools and use cases can be hosted directly in this repository, or you can host them elsewhere online and link to them from this repository.

How to Contribute Tools and Use Cases

  1. Fork a copy of USNISTGOV/PrivacyEngCollabSpace to your own organizational or personal space.

  2. Create a branch in your fork, named specifically for your contribution.

  3. In your branch:

    A. Create a new directory within the relevant tool or use case directory: tools/de-identification, tools/risk-assessment, use-cases/de-identification, or use-cases/risk-assessment. Example: tools/de-identification/[your-contribution-name]

    B. Name the directory to describe your contribution.

    C. Include in the directory a README.md file that follows the relevant template. There is a template for a tool and for a use case contribution.

    D. If hosting a tool in this repository, also include in the directory any pertinent source code files or documentation.

    E. Update the README.md file of the main directory to which you’re contributing. This README provides an index of that directory's contents. It should include an entry reflecting your contribution.

  4. Create a pull request (PR) from your branch to the master branch in USNISTGOV/PrivacyEngCollabSpace.

  5. Moderators will then review the PR and may provide comments and suggestions to the contributor.

How to Contribute Feedback

Submit an issue to provide feedback on tools or use cases in the space. Please select appropriate tags related to the feedback.

Additional Contribution Resources

GitHub Help: If you're having trouble with these instructions, and need more information about GitHub, pull requests, and issues, visit GitHub's Help page.

Contribution Assistance: If you're having trouble submitting your contribution to this space, or otherwise would like to send us feedback, contact us.

Browse Tools and Use Cases

Interested in tools or use cases for de-identification and privacy risk assessment? Browse the contributions here.

Operating Rules

NIST will only accept open source submissions, per the Open Source Initiative’s definition of “open source”. Upon submission, materials will be public, considered to be open source, and may be altered and shared.

This is a moderated platform. NIST reserves the right to reject, remove, or edit any submission, including anything that:

  • promotes pay-for services or products;
  • includes personally identifiable or business identifiable information according to Department of Commerce Office of Privacy and Open Government guidelines;
  • is inaccurate;
  • contains abusive or vulgar content, spam, hate speech, personal attacks, or similar content;
  • is clearly "off topic";
  • makes unsupported accusations; or,
  • contains .exe or .jar file types.*

*These file types will not be merged into the NIST repository; instead, NIST may link to these if hosted elsewhere.

Representations and Warranties & Software Use Agreement

Any references to commercial entities, products, services, or other nongovernmental organizations or individuals on the site are provided solely for the information of individuals using this page. These references are not intended to reflect the opinion of NIST, the Department of Commerce or the United States, or its officers or employees. Such references are not an official or personal endorsement of any product, person, or service, nor are they intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose. Such references may not be quoted or reproduced for the purpose of stating or implying an endorsement, recommendation, or approval of any product, person, or service.

This platform is provided as a public service. Information, data, and software posted to this platform is “AS IS.” NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND DATA ACCURACY. NIST does not warrant or make any representations regarding the use of the software or the results thereof, including but not limited to the correctness, accuracy, reliability or usefulness of the software. You are solely responsible for determining the appropriateness of using and distributing the software and you assume all risks associated with its use, including but not limited to the risks and costs of program errors, compliance with applicable laws, damage to or loss of data, programs or equipment, and the unavailability or interruption of operation. This software is not intended to be used in any situation where a failure could cause risk of injury or damage to property. NIST SHALL NOT BE LIABLE AND YOU HEREBY RELEASE NIST FROM LIABILITY FOR ANY INDIRECT, CONSEQUENTIAL, SPECIAL, OR INCIDENTAL DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, AND THE LIKE), WHETHER ARISING IN TORT, CONTRACT, OR OTHERWISE, ARISING FROM OR RELATING TO THE SOFTWARE (OR THE USE OF OR INABILITY TO USE THIS SOFTWARE), EVEN IF NIST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Moderators

De-Identification Moderators

Joseph Near

Joseph Near | [@jnear]: Joseph Near is an assistant professor of computer science at the University of Vermont. His research interests include data privacy, computer security, and programming languages. Joseph received his BS in computer science from Indiana University, and his MS and PhD in computer science from MIT.

David Darais

David Darais [@davdar]: David Darais is an assistant professor of computer science at the University of Vermont. David's research focuses on software analysis and verification tools for critical and security-sensitive systems. David received a BS in computer science from University of Utah, an MS in computer science from Harvard University, and a PhD in computer science from University of Maryland.

Privacy Risk Management Moderator

Katie Boeckl

Katie Boeckl [@kboeckl]: Katie Boeckl is a privacy risk strategist at NIST. As part of the Privacy Engineering Program, Katie develops privacy risk management guidance, collaborates on the development of international privacy standards, and works to advance tools for privacy engineering and risk management. Katie has a BA in English from the University of Maryland, College Park, where she specialized in technology through a digital cultures honors program.

NIST Privacy Engineering Program

Learn about NIST's Privacy Engineering Program by visiting our website.

Contact

Contact NIST to submit feedback, including future topics of interest, or for assistance with contributing to the space: collabspace@nist.gov