It is becoming extremely critical for organizations to build innovative products and services that use personal data while still safeguarding user’s privacy.
To lend a hand to them in this shared mission, the National Institute of Standards and Technology (NIST) has released version 1.0 of its Privacy Framework, a tool designed to help organizations manage privacy risks.
A background into Version 1.0
NIST published a preliminary draft of the Privacy Framework in September 2019, when it requested public feedback. The agency had initially hoped to release version 1.0 by the end of 2019, but it was officially announced only on January 16.
The structure of the Privacy Framework
NIST’s Privacy Framework is comprised of three key parts: the core, profiles, and implementation tiers.
It should be noted that the Privacy Framework is not a law or regulation, but only a voluntary tool to be used to manage risks and ensure compliance with existing legislation, including GDPR and California’s CCPA.
Essence of the framework
According to her, if a firm is looking forward to growing customers' trust through more privacy-protective products or services, this framework can help achieve that. Additionally, it will make it easier for them to keep up with technology advancements and new uses for data.
NIST further said that the Privacy Framework is meant to complement the NIST Cybersecurity Framework; both are slated to go on periodic revisions. The NIST Privacy Framework is available here in PDF format.