Last week the National Institute of Standards and Technology (NIST) announced version 1.0 of its new Privacy Framework, a resource designed to help organizations manage privacy risks. 

A preliminary version of the Privacy Framework was released in September 2019, but the release of version 1.0 was not officially announced until January 2016, 2020. 

This new framework is designed to help organizations across all industries and sizes manage privacy risks by focusing on three essential elements: taking privacy into account when developing a product/service, disclosing privacy practices, and cross-organizational collaboration. 

The NIST Privacy Framework is divided into three parts: the core, profiles, and implementation tiers. The core provides a granular set of actionable items and outcomes whose goal is to enable internal communication. The profiles represent functions, categories and subcategories from the core that have been prioritized by an organization. Lastly, the implementation tiers help organizations optimize the resources needed to achieve their target profile. 

While this new framework is not a law or regulation, the voluntary tool can be used to help manage risks and ensure continuous compliance with existing regulations, such as the EU's General Data Protection Regulation (GDPR) and the new California Consumer Privacy Act (CCPA)

Senior Privacy Policy Adviser for at NIST, Naomi Lefkovitz, claims, "If you want to consider how to increase customer trust through more privacy-protective products or services, the framework can help you do that. But we designed it to be agnostic to any law, so it can assist you no matter what your goals are."

This framework should also make it easier for organizations to keep up with technology advancement and new uses for data. Data that may be considered low-value today could be put to good use in a few years by cybercriminals. That's why you need to adopt an approach that allows your organization to continually reevaluate and adjust to new risks. 

NIST says that this new Privacy Framework is intended to complement the existing NIST Cybersecurity Framework, and both will be updated over time. 

A PDF version of the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management is available on NIST's website

Contact Us

USA Offices

New Net Technologies LLC
Suite #10115, 9128 Strada Place
Naples, Florida, 34108

New Net Technologies LLC
1175 Peachtree St NE
Atlanta, Georgia, 30361.

Tel: (844) 898-8358
[email protected]

 

UK Office

New Net Technologies Ltd
Rivers Lodge, West Common
Harpenden, Hertfordshire
AL5 2JD

Tel: 020 3917 4995
 [email protected]

SC Magazine Cybersecurity 500 Infosec Security Winners 2018 CIS benchmarking SEWP Sans Institute Now Certified IBM Security
Copyright 2020, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.