NP Privacy Partner
NIST issues Privacy Framework

The National Institute of Standards and Technology (NIST), working in collaboration with private and public stakeholders, has issued a preliminary draft of its voluntary NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (Privacy Framework). This document strives to drive better privacy engineering and aid organizations in the protection of individuals’ privacy. Among its goals, the Privacy Framework seeks to build customer trust through product and service design or deployment that optimizes beneficial uses of data. It also seeks to build organizational communication channels about privacy practices with customers, assessors, and regulators. NIST provides the Privacy Framework to assist organizations by building “better privacy foundations by bringing privacy risk into parity with their broader enterprise risk portfolio.”

The Privacy Framework applies to organizations of all sizes and is “agnostic to any particular technology, sector, law, or jurisdiction.” Through its recommended protocols, diverse sectors of an organization’s workforce (executives, legal, and IT) will be responsible for different outcomes and activities. Cross-organization collaboration is essential to identification of privacy protections and cybersecurity risks. The Privacy Framework focuses on all organizations and entities regardless of their role in “the data processing ecosystem,” that is, “the complex and interconnected relationships among entities involved in creating or deploying systems, products, or services.”

The Privacy Framework is composed of three parts: Core, Profiles, and Implementation Tiers, each of which reinforces privacy risk management by connecting business/mission drivers with privacy protection activities. The Core delineates best practices to allow for communicating prioritized privacy protection activities and outcomes across all sectors of an organization, from the C-suite to the implementation and operation levels. The Profiles direct organizations to identify business and mission drivers in their data processing and privacy protections. Profiles can enable continual privacy enhancement by evolving current practices into targeted best practices. The Implementation Tiers provide a point of reference on how an organization views privacy risks and how it approaches agile management of such risks.

All organizations should take the time to read and evaluate the recommendations of the Privacy Framework. NIST will accept public comments on the preliminary draft through October 24.


This website contains attorney advertising. Prior results do not guarantee a similar outcome. © 2018 Nixon Peabody LLP