Last week the National Institute of Standards and Technology (NIST) released Version 1.0 of the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management. This is a tool for managing privacy risk that has been a year in the making. Now that it is finalized, this updated framework offers businesses privacy protection strategies and an overview of key privacy risk management concepts.
The privacy framework’s three main sections include:
- Core: offering a set of privacy protection activities and enabling a dialogue within an organization about desired privacy outcomes
- Profiles: to help determine which of the activities in the core framework an organization should pursue to reach its goals most effectively
- Implementation Tiers: to help organizations optimize the resources dedicated to managing privacy risk
While voluntary, the NIST privacy framework is a great tool that businesses of all sizes and industries can leverage to manage privacy risk. The NIST Framework may also be integrated into a business’s compliance function and used to address compliance with various state laws, such as NY’s SHIELD Act and parts of the California Consumer Protection Act (CCPA) and General Data Protection Regulation (GDPR). Similar and complementary to the widely used NIST Cybersecurity Framework, the Privacy Framework 1.0 is intended as a “living document” that will evolve along with changing privacy risks, laws, and needs.
For organizations looking for guidance on privacy risk management within their organization, leveraging the NIST Framework is a great place to start. At Beckage PLLC, our unique team of Attorneys are seasoned technology professionals with backgrounds that include risk management, in-house counsel, governmental agencies, and information security and technology leadership. We can facilitate the design and implementation of enterprise-wide security programs and perform ongoing “health checks” to evaluate the appropriateness of controls and alignment with business requirements. Beckage can work with your organization to identify its highest risks, control gaps, the “most bang for your buck” control domains to tackle and provide you with a pragmatic road-map that takes into account your organizational cyber-maturity level.
Attorney Advertising: Prior results do not guarantee a similar outcome.