Security News > 2020 > January > NIST Privacy Framework 1.0: Manage privacy risk, demonstrate compliance

The publication also provides clarification about privacy risk management concepts and the relationship between the Privacy Framework and NIST's Cybersecurity Framework.

The NIST Privacy Framework is not a law or regulation, but rather a voluntary tool that can help organizations manage privacy risk arising from their products and services, as well as demonstrate compliance with laws that may affect them, such as the California Consumer Privacy Act and the European Union's General Data Protection Regulation.

As with its draft version, the Privacy Framework centers on three sections: the Core, which offers a set of privacy protection activities; the Profiles, which help determine which of the activities in the Core an organization should pursue to reach its goals most effectively, and the Implementation Tiers, which help optimize the resources dedicated to managing privacy risk.

Digital privacy risk management is a comparatively new concept, and Lefkovitz said they received many requests for clarification about the nature of privacy risk, as well as for additional supporting resources.

"We have released a companion roadmap for the framework to point the way toward more research to address current privacy challenges, and we are building a repository of guidance resources to support implementation of the framework. We hope the community of users will contribute to it to advance privacy for the good of all."

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/HKHTpqGweAI/