The National Institute of Standards and Technology (NIST) has published version 1.0 of its Privacy Framework. The Framework is a voluntary tool that organizations can use to manage privacy risks while complying with privacy legislation, including the European GDPR.
The NIST Privacy Framework is designed to help organizations manage privacy risks, with specific focuses on:
The Framework provides building blocks that help organizations achieve their privacy goals.
The Framework is composed of three main parts: the Core, Profiles, and Implementation Tiers.
The Core enables communication within an organization about its privacy protection activities and desired outcomes. Profiles allow organizations to prioritize those outcomes and activities according to their privacy values, business mission, and risks.
Implementation Tiers help organizations optimize the resources needed to manage privacy risk.
Once an organization has analyzed the potential impact of its privacy risks, it may prioritize them according to its strategy. Responses to privacy risk include:
The Framework should also help organizations keep up with technology advancements and new uses for data.
The Privacy Framework is designed to complement the NIST Cybersecurity Framework. Using both together gives an organization a clearer understanding of the distinct origins of cybersecurity and privacy risks and helps it determine the most effective solutions to address them.
Additional details are included in the document titled “NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management.”