NIST Releases Version 1.0 of New Privacy Risk Framework

Last week the National Institute of Standards and Technology (NIST) announced version 1.0 of its new Privacy Framework, a resource designed to help organizations manage privacy risks. 

A preliminary version of the Privacy Framework was released in September 2019, but the release of version 1.0 was not officially announced until January 2016, 2020. 

This new framework is designed to help organizations across all industries and sizes manage privacy risks by focusing on three essential elements: taking privacy into account when developing a product/service, disclosing privacy practices, and cross-organizational collaboration. 

The NIST Privacy Framework is divided into three parts: the core, profiles, and implementation tiers. The core provides a granular set of actionable items and outcomes whose goal is to enable internal communication. The profiles represent functions, categories and subcategories from the core that have been prioritized by an organization. Lastly, the implementation tiers help organizations optimize the resources needed to achieve their target profile. 

While this new framework is not a law or regulation, the voluntary tool can be used to help manage risks and ensure continuous compliance with existing regulations, such as the EU's General Data Protection Regulation (GDPR) and the new California Consumer Privacy Act (CCPA)

Senior Privacy Policy Adviser for at NIST, Naomi Lefkovitz, claims, "If you want to consider how to increase customer trust through more privacy-protective products or services, the framework can help you do that. But we designed it to be agnostic to any law, so it can assist you no matter what your goals are."

This framework should also make it easier for organizations to keep up with technology advancement and new uses for data. Data that may be considered low-value today could be put to good use in a few years by cybercriminals. That's why you need to adopt an approach that allows your organization to continually reevaluate and adjust to new risks. 

NIST says that this new Privacy Framework is intended to complement the existing NIST Cybersecurity Framework, and both will be updated over time. 

A PDF version of the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management is available on NIST's website

Cloud and Container Security
The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

Netwrix
6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)


[email protected]
 

United Kingdom

Netwrix
5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023


 [email protected]
Information
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.