Challenged by Privacy? The NIST Privacy Framework

The NIST Privacy Framework is a voluntary tool intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy.

en flag
nl flag
et flag
fi flag
fr flag
de flag
pt flag
ru flag
es flag

Editor’s Note: Taken directly from the NIST Privacy Framework website, the following information is provided to highlight the introduction of version 1.0 of the NIST Privacy Framework published on January 16, 2020. According to NIST, the Framework enables organizations to communicate and prioritize their privacy protection activities and outcomes to address diverse privacy needs, develop more effective solutions that can lead to better outcomes for individuals and organizations, and stay current with technology trends, such as artificial intelligence and the Internet of Things. The Privacy Framework is also designed to be compatible with existing domestic and international legal and regulatory regimes and usable by any type of organization to enable widespread adoption.

Extract from NIST Privacy Framework

NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management

Executive Summary

For more than two decades, the Internet and associated information technologies have driven unprecedented innovation, economic value, and improvement in social services. Many of these benefits are fueled by data about individuals that flow through a complex ecosystem. As a result, individuals may not be able to understand the potential consequences for their privacy as they interact with systems, products, and services. At the same time, organizations may not realize the full extent of these consequences for individuals, for society, or for their enterprises, which can affect their brands, their bottom lines, and their future prospects for growth.

Following a transparent, consensus-based process including both private and public stakeholders to produce this voluntary tool, the National Institute of Standards and Technology (NIST) is publishing this Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (Privacy Framework), to enable better privacy engineering practices that support privacy by design concepts and help organizations protect individuals’ privacy.

The Privacy Framework can support organizations in:

  • Building customers’ trust by supporting ethical decision-making in product and service design or deployment that optimizes beneficial uses of data while minimizing adverse consequences for individuals’ privacy and society as a whole;*
  • Fulfilling current compliance obligations, as well as future-proofing products and services to meet these obligations in a changing technological and policy environment; and
  • Facilitating communication about privacy practices with individuals, business partners, assessors, and regulators.

Deriving benefits from data while simultaneously managing risks to individuals’ privacy is not well-suited to one-size-fits-all solutions. Like building a house, where homeowners make layout and design choices while relying on a well-engineered foundation, privacy protection should allow for individual choices, as long as effective privacy risk mitigations are already engineered into products and services. The Privacy Framework—through a risk- and outcome-based approach—is flexible enough to address diverse privacy needs, enable more innovative and effective solutions that can lead to better outcomes for individuals and organizations, and stay current with technology trends, such as artificial intelligence and the Internet of Things.

The Privacy Framework follows the structure of the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) to facilitate the use of both frameworks together. Like the Cybersecurity Framework, the Privacy Framework is composed of three parts: Core, Profiles, and Implementation Tiers. Each component reinforces privacy risk management through the connection between business and mission drivers, organizational roles and responsibilities, and privacy protection activities.

  • The Core enables a dialogue—from the executive level to the implementation/operations level—about important privacy protection activities and desired outcomes.
  • Profiles enable the prioritization of the outcomes and activities that best meet organizational privacy values, mission or business needs, and risks.
  • Implementation Tiers support decision-making and communication about the sufficiency of organizational processes and resources to manage privacy risk.

In summary, the Privacy Framework is intended to help organizations build better privacy foundations by bringing privacy risk into parity with their broader enterprise risk portfolio.

* There is no objective standard for ethical decision-making; it is grounded in the norms, values, and legal expectations in a given society. 

Full NIST Privacy Framework – Version 1.0 Document

NIST Privacy Framework_V1.0

Read more on the NIST Privacy Framework

Additional Reading

Source: ComplexDiscovery

Business as Unusual? Eighteen Observations on eDiscovery Business Confidence in the Summer of 2020

The results of the recent Summer 2020 eDiscovery Business Confidence Survey present the unfortunate and continuing impact of COVID-19 on the business of eDiscovery. However, for these pandemic-driven results to be fully understood, they should be viewed through the contextual lens of the results of all nineteen surveys that have been administered to eDiscovery professionals since the inception of the eDiscovery Business Confidence Survey in early 2016.



Check Out the Observations Now!

ComplexDiscovery combines original industry research with curated expert articles to create an informational resource that helps legal, business, and information technology professionals better understand the business and practice of data discovery and legal discovery.

All contributions are invested to support the development and distribution of ComplexDiscovery content. Contributors can make as many article contributions as they like, but will not be asked to register and pay until their contribution reaches $5.

XDD Acquires Anexsys

According to David Moran, XDD President and COO, “Complementing our recent...

Missing Something? Topic Modeling in eDiscovery

The basic idea behind topic modeling, according to eDiscovery expert and...

HaystackID and NightOwl Global Merge

According to today's announcement, the NightOwl merger is HaystackID's fourth major...

Mitratech Acquires Tracker Corp

The acquisition supports Mitratech’s mission to provide legal and compliance solutions...

A Running List: Top 100+ eDiscovery Providers

Based on a compilation of research from analyst firms and industry...

The eDisclosure Systems Buyers Guide – 2020 Edition (Andrew Haslam)

Authored by industry expert Andrew Haslam, the eDisclosure Buyers Guide continues...

The Race to the Starting Line? Recent Secure Remote Review Announcements

Not all secure remote review offerings are equal as the apparent...

Enabling Remote eDiscovery? A Snapshot of DaaS

Desktop as a Service (DaaS) providers are becoming important contributors to...

Home or Away? New eDiscovery Collection Market Sizing and Pricing Considerations

One of the key home (onsite) or away (remote) decisions that...

Revisions and Decisions? New Considerations for eDiscovery Secure Remote Reviews

One of the key revision and decision areas that business, legal,...

A Macro Look at Past and Projected eDiscovery Market Size from 2012 to 2024

From a macro look at past estimations of eDiscovery market size...

An eDiscovery Market Size Mashup: 2019-2024 Worldwide Software and Services Overview

While the Compound Annual Growth Rate (CAGR) for worldwide eDiscovery software...

Business as Unusual? Eighteen Observations on eDiscovery Business Confidence in the Summer of 2020

Based on the aggregate results of nineteen past eDiscovery Business Confidence...

A Growing Concern? Budgetary Constraints and the Business of eDiscovery

In the summer of 2020, 56% of respondents viewed budgetary constraints...

A Change in Tempo? eDiscovery Operational Metrics in the Summer of 2020

In the summer of 2020, 91 eDiscovery Business Confidence Survey participants...

Shifting Gears? eDiscovery Business Confidence Survey Results – Summer 2020

This is the nineteenth quarterly eDiscovery Business Confidence Survey conducted by...

XDD Acquires Anexsys

According to David Moran, XDD President and COO, “Complementing our recent...

HaystackID and NightOwl Global Merge

According to today's announcement, the NightOwl merger is HaystackID's fourth major...

Mitratech Acquires Tracker Corp

The acquisition supports Mitratech’s mission to provide legal and compliance solutions...

XDD Acquires LightSpeed Legal

According to David Moran, XDD President, and COO, “As we continue...

Five Great Reads on eDiscovery for July 2020

From business confidence and operational metrics to data protection and privacy...

Five Great Reads on eDiscovery for June 2020

From collection market size updates to cloud outsourcing guidelines, the June...

Five Great Reads on eDiscovery for May 2020

From review market sizing revisions to pandemeconomic pricing, the May 2020...

Five Great Reads on eDiscovery for April 2020

From business confidence to the boom of Zoom, the April 2020...