The protection of sensitive information is a high priority to organizations at large. This page provides useful resources for you to learn more about privacy initiatives through reports, articles and other sources.
NIST Special Publication 800-98
National Institute of Standards and Technology
Retailers, manufacturers, hospitals, federal agencies, and other organizations planning to use radio frequency identification (RFID) technology to improve their operations should also systematically evaluate the possible security and privacy risks and use best practices to mitigate them, according to SP 800-98, Guidelines for Securing Radio Frequency Identification (RFID) Systems.
NIST Special Publication 800-122
NIST has issued SP 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII), to assist federal agencies in carrying out their responsibilities to protect PII in information systems. The publication discusses how to identify PII and protect the confidentiality of PII as part of the organization’s information security procedures.
NIST Special Publication 800-144
NIST SP 800-144, Guidelines on Security and Privacy in Public Cloud Computing, provides an overview of the security and privacy challenges pertinent to public cloud computing and points out considerations organizations should take into account when outsourcing data, applications, and infrastructure to a public cloud environment.
NIST Special Publication 800-145
The NIST definition in SP 800-145, The NIST Definition of Cloud Computing, characterizes important aspects of cloud computing and is intended to serve as a means for broad comparisons of cloud services and deployment strategies, and to provide a baseline for discussion, from what cloud computing is to how best to use it.
NIST Special Publication 800-146
NIST SP 800-146, Cloud Computing Synopsis and Recommendations, provides guidelines and recommendations on how organizations should weigh the opportunities and risks of cloud computing. It describes cloud systems and discusses their strengths and weaknesses.
International Association of Privacy Professionals (IAPP)
The International Association of Privacy Professionals (IAPP) is the largest and most comprehensive global information privacy community and resource, helping practitioners develop and advance their careers and organizations manage and protect their data. Founded in 2000, the IAPP is a not-for-profit association that helps define, support and improve the privacy profession globally.
National Do Not Call Registry
The National Do Not Call Registry puts consumers in charge of the telemarketing calls they get at home. The Federal government created the national registry to make it easier and more efficient for you to stop getting telemarketing calls you don’t want.
EPIC Online Guide to Practical Privacy Tools
The EPIC Online Guide to Practical Privacy Tools includes links to sites with information on snoop-proof e-mail, anonymous remailers, html filters, cookie busters, Web, telnet and disk encryption, voice- and e-mail privacy resources, and more.
Platform for Privacy Preferences Project (P3P)
The Platform for Privacy Preferences Project (P3P), developed by the World Wide Web Consortium, is emerging as an industry standard providing a simple, automated way for users to gain more control over the use of personal information on websites they visit. At its most basic level, P3P is a standardized set of multiple-choice questions, covering all the major aspects of a Web site's privacy policies.
Radio Frequency Identification (RFID)
This website by the Electronic Privacy Information Center (EPIC) is devoted to Radio Frequency Identification Systems.
Data Privacy and Spyware
This website contains information on spyware provided by the Center for Democracy and Technology.
Enterprise Privacy Authorization Language (EPAL)
This is the Enterprise Privacy Authorization Language (EPAL) technical specification. EPAL is a formal language for writing enterprise privacy policies to govern data handling practices in IT systems according to fine-grained positive and negative authorization rights. It concentrates on the core privacy authorization while abstracting from all deployment details, such as data model or user authentication.