NIST's Publishes Privacy Framework
To help organizations balance the need to leverage personal data to innovate while also protecting people’s privacy, the National Institute of Standards and Technology (NIST) is offering a tool for managing privacy risk. Earlier this year the agency released the first version of the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management.
The framework is built upon three main components. The “Core” describes a set of activities that support managing privacy risks when organizations are processing personal data. “Profiles” help an organization determine which Core activities are relevant to it. And finally, “Implementation Tiers” are provided to optimize the resources dedicated to managing privacy risks.
Leveraging the framework organizations will not only have a tool to help manage privacy risks arising from their use of personal information, but also a mechanism to demonstrate compliance with existing and emerging laws that may affect them, such as the California Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GDPR).