Challenged by Privacy? The NIST Privacy Framework

The NIST Privacy Framework is a voluntary tool intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy.

Editor’s Note: Taken directly from the NIST Privacy Framework website, the following information is provided to highlight the introduction of version 1.0 of the NIST Privacy Framework published on January 16, 2020. According to NIST, the Framework enables organizations to communicate and prioritize their privacy protection activities and outcomes to address diverse privacy needs, develop more effective solutions that can lead to better outcomes for individuals and organizations, and stay current with technology trends, such as artificial intelligence and the Internet of Things. The Privacy Framework is also designed to be compatible with existing domestic and international legal and regulatory regimes and usable by any type of organization to enable widespread adoption.

Extract from NIST Privacy Framework

NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management

Executive Summary

For more than two decades, the Internet and associated information technologies have driven unprecedented innovation, economic value, and improvement in social services. Many of these benefits are fueled by data about individuals that flow through a complex ecosystem. As a result, individuals may not be able to understand the potential consequences for their privacy as they interact with systems, products, and services. At the same time, organizations may not realize the full extent of these consequences for individuals, for society, or for their enterprises, which can affect their brands, their bottom lines, and their future prospects for growth.

Following a transparent, consensus-based process including both private and public stakeholders to produce this voluntary tool, the National Institute of Standards and Technology (NIST) is publishing this Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (Privacy Framework), to enable better privacy engineering practices that support privacy by design concepts and help organizations protect individuals’ privacy.

The Privacy Framework can support organizations in:

  • Building customers’ trust by supporting ethical decision-making in product and service design or deployment that optimizes beneficial uses of data while minimizing adverse consequences for individuals’ privacy and society as a whole;*
  • Fulfilling current compliance obligations, as well as future-proofing products and services to meet these obligations in a changing technological and policy environment; and
  • Facilitating communication about privacy practices with individuals, business partners, assessors, and regulators.

Deriving benefits from data while simultaneously managing risks to individuals’ privacy is not well-suited to one-size-fits-all solutions. Like building a house, where homeowners make layout and design choices while relying on a well-engineered foundation, privacy protection should allow for individual choices, as long as effective privacy risk mitigations are already engineered into products and services. The Privacy Framework—through a risk- and outcome-based approach—is flexible enough to address diverse privacy needs, enable more innovative and effective solutions that can lead to better outcomes for individuals and organizations, and stay current with technology trends, such as artificial intelligence and the Internet of Things.

The Privacy Framework follows the structure of the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) to facilitate the use of both frameworks together. Like the Cybersecurity Framework, the Privacy Framework is composed of three parts: Core, Profiles, and Implementation Tiers. Each component reinforces privacy risk management through the connection between business and mission drivers, organizational roles and responsibilities, and privacy protection activities.

  • The Core enables a dialogue—from the executive level to the implementation/operations level—about important privacy protection activities and desired outcomes.
  • Profiles enable the prioritization of the outcomes and activities that best meet organizational privacy values, mission or business needs, and risks.
  • Implementation Tiers support decision-making and communication about the sufficiency of organizational processes and resources to manage privacy risk.

In summary, the Privacy Framework is intended to help organizations build better privacy foundations by bringing privacy risk into parity with their broader enterprise risk portfolio.

* There is no objective standard for ethical decision-making; it is grounded in the norms, values, and legal expectations in a given society. 

Source: ComplexDiscovery
