Sat. May 21st, 2022

    Editor’s Note: Taken directly from the NIST Privacy Framework website, the following information is provided to highlight the introduction of version 1.0 of the NIST Privacy Framework published on January 16, 2020. According to NIST, the Framework enables organizations to communicate and prioritize their privacy protection activities and outcomes to address diverse privacy needs, develop more effective solutions that can lead to better outcomes for individuals and organizations, and stay current with technology trends, such as artificial intelligence and the Internet of Things. The Privacy Framework is also designed to be compatible with existing domestic and international legal and regulatory regimes and usable by any type of organization to enable widespread adoption.

    Extract from NIST Privacy Framework

    NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management

    Executive Summary

    For more than two decades, the Internet and associated information technologies have driven unprecedented innovation, economic value, and improvement in social services. Many of these benefits are fueled by data about individuals that flow through a complex ecosystem. As a result, individuals may not be able to understand the potential consequences for their privacy as they interact with systems, products, and services. At the same time, organizations may not realize the full extent of these consequences for individuals, for society, or for their enterprises, which can affect their brands, their bottom lines, and their future prospects for growth.

    Following a transparent, consensus-based process including both private and public stakeholders to produce this voluntary tool, the National Institute of Standards and Technology (NIST) is publishing this Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (Privacy Framework), to enable better privacy engineering practices that support privacy by design concepts and help organizations protect individuals’ privacy.

    The Privacy Framework can support organizations in:

    • Building customers’ trust by supporting ethical decision-making in product and service design or deployment that optimizes beneficial uses of data while minimizing adverse consequences for individuals’ privacy and society as a whole;*
    • Fulfilling current compliance obligations, as well as future-proofing products and services to meet these obligations in a changing technological and policy environment; and
    • Facilitating communication about privacy practices with individuals, business partners, assessors, and regulators.

    Deriving benefits from data while simultaneously managing risks to individuals’ privacy is not well-suited to one-size-fits-all solutions. Like building a house, where homeowners make layout and design choices while relying on a well-engineered foundation, privacy protection should allow for individual choices, as long as effective privacy risk mitigations are already engineered into products and services. The Privacy Framework—through a risk- and outcome-based approach—is flexible enough to address diverse privacy needs, enable more innovative and effective solutions that can lead to better outcomes for individuals and organizations, and stay current with technology trends, such as artificial intelligence and the Internet of Things.

    The Privacy Framework follows the structure of the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) to facilitate the use of both frameworks together. Like the Cybersecurity Framework, the Privacy Framework is composed of three parts: Core, Profiles, and Implementation Tiers. Each component reinforces privacy risk management through the connection between business and mission drivers, organizational roles and responsibilities, and privacy protection activities.

    • The Core enables a dialogue—from the executive level to the implementation/operations level—about important privacy protection activities and desired outcomes.
    • Profiles enable the prioritization of the outcomes and activities that best meet organizational privacy values, mission or business needs, and risks.
    • Implementation Tiers support decision-making and communication about the sufficiency of organizational processes and resources to manage privacy risk.

    In summary, the Privacy Framework is intended to help organizations build better privacy foundations by bringing privacy risk into parity with their broader enterprise risk portfolio.

    * There is no objective standard for ethical decision-making; it is grounded in the norms, values, and legal expectations in a given society. 


    Source: ComplexDiscovery

     

