On January 16, 2020, NIST released its first framework developed specifically for managing privacy risk, Version 1.0 of the NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management. According to NIST, the framework is a voluntary tool, developed in collaboration with stakeholders, intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy.

Learn how to implement NIST’s new framework into your privacy program in this webinar.

As technologies continue to evolve and the importance of data privacy and protection grows across the globe, it’s important for organizations processing and handling personal information to be responsible stewards of that data. To help organizations balance innovation and privacy, the NIST Privacy Framework is intended to help them better manage privacy risks that could potentially occur, and to demonstrate and maintain compliance with global privacy laws, like the EU’s GDPR and the California Consumer Privacy Act (CCPA).

The Privacy Framework is closely modeled after the well-known NIST Cybersecurity Framework, and the two are designed to complement one another. NIST describes the Privacy Framework as enabling better privacy engineering practices that support privacy by design concepts to help organizations protect individuals’ privacy. The Privacy Framework can support organizations in:

  • Building customers’ trust by supporting ethical decision-making in product and service design or deployment that optimizes beneficial uses of data while minimizing adverse consequences for individuals’ privacy and society as a whole; 
  • Fulfilling current compliance obligations, as well as future-proofing products and services to meet these obligations in a changing technological and policy environment; and 
  • Facilitating communication about privacy practices with individuals, business partners, assessors, and regulators. 

The framework is composed of three parts: Core, Profiles, and Implementation Tiers. Each component reinforces how organizations manage privacy risk through the connection between business or mission drivers, organizational roles and responsibilities, and privacy protection activities.

To learn more about the NIST Privacy Framework, you can read NIST’s summary here, or access the NIST Privacy Framework Roadmap here. Sign up for the Web Conference: NIST’s New Privacy Framework: Everything You Need to Know here.