Protecting the Confidentiality of Personally Identifiable Information (SP 800-122)

SP 800-122, a special publication released in April 2010 by the US National Institute of Standards and Technology (NIST), is a resource for those responsible for assessing privacy and designing and implementing privacy controls within information systems and business processes. This article offers a brief introduction to the key concepts and important elements of this publication.

Major Recommendations

SP 800-122 aims to provide usable guidelines for a risk-based approach to protecting personally identifiable information (PII), particularly in US federal government agencies and their business associates. To this end, the publication makes the following recommendations:

Organizations should identify all PII that resides in [...]


US Department of Homeland Security: Privacy Policies & Practices

The US Department of Homeland Security (DHS) is often criticized for its privacy policies and practices, as it handles a vast amount of sensitive personal information. However, it is important to note how the DHS does attempt to protect personal privacy, in policy as well as practice. In addition to complying with federal privacy legislation, such as the FOIA (Freedom of Information Act) and the Privacy Act, the Department consults with privacy professionals to evaluate new or potential programs, systems, technologies and certain rule-making procedures so that personal information is handled appropriately. This article takes a look at exactly how the Department of Homeland Security approaches privacy [...]


Approaches to Privacy Policy Enforcement - US Federal Departments & Agencies

Guided by privacy legislation and internal privacy policies, US federal government agencies and departments strive to protect citizens’ personal information and privacy rights. This article introduces the privacy practices of three federal departments: the US Census Bureau, the Internal Revenue Service (IRS) and the US Department of [...]


Secure Flight & Privacy Rights

The US Secure Flight Program has garnered much public concern and disapproval in Canada, where many Canadians are finding themselves subject to the controversial regulations when flying over US airspace. Aviation security is a high-priority issue for the Canadian federal Privacy Commissioner, who earlier this year carried out an investigation of airport security scanners being installed in Canadian airports. While security is an issue in the aviation industry, the Privacy Commissioner, along with other privacy watchdogs, insists that security measures must also respect the privacy and personal dignity of travelers in Canadian [...]


Provincial Privacy Legislation

This article discusses two substantially similar pieces of provincial legislation that protect private sector privacy rights: the PIPA of Alberta and the PIPA of British Columbia. The article describes the purposes, regulations and means of redress for each piece of legislation. It also explores situations which may be regulated by a number of laws, such as transborder data [...]