Protecting the privacy of the data about individuals that government systems contain is a critical pillar of our sponsors' information technology programs. The public needs to trust that the government is keeping personal data safe from misuse. Our privacy specialists help them achieve and maintain this level of trust.
MITRE's privacy program emphasizes strategy and policy as well as privacy engineering, and spans all aspects of a privacy program. It's about more than just complying with the law.
Our broad view of privacy begins with the concept of a framework that includes technical, operational, social, and ethical implications of designs and processes. We help government agencies to:
- Comply with the letter and spirit of privacy laws and regulations
- Build trust and respect among constituents
- Facilitate appropriate sharing of personally identifiable information
- Reduce threats to personally identifiable information, such as identity theft and insider threats
- Align their privacy policies with mission objectives
- Plan and execute their privacy programs strategically
MITRE's privacy engineering work includes implementing the concepts of "Privacy by Design," a framework developed by Dr. Ann Cavoukian, the Privacy Commissioner of Ontario. This method ensures that agencies integrate privacy into the IT system development process from the beginning. We focus on privacy throughout the lifecycle of systems, from concept to requirements definition to development and testing through operations and retirement.
MITRE’s Privacy Engineering Capability has created a suite of privacy engineering tools for use by privacy professionals in their privacy engineering work to help organizations advance the state of privacy. The tools include:
- MITRE Privacy Continuous Monitoring Framework
- MITRE Privacy Engineering Framework
- MITRE Privacy Maturity Model
- MITRE Generic System Privacy Requirements and Tests
Our technical staff has also authored privacy books, including the first written on essential policies and practices for U.S. government privacy professionals, "U.S. Government Privacy: Essential Policies and Practices for Privacy Professionals." We also actively train sponsors and private industry in privacy certification and managing programs.
In particular, MITRE's appreciation of the interrelated but distinct requirements of privacy and security keeps the focus on making programs fully functional, rather than finding tradeoffs that might compromise data privacy. This approach helps our sponsors to both respond to privacy concerns and to position their programs for the future. And as healthcare privacy continues to grow as a national concern, our experts have taken a growing leadership role in that field as well.