- NIST’s Privacy Framework is comprised of three key parts: the core, profiles, and implementation tiers.
- It is helpful for firms looking to grow the trust of their customers through more privacy-protective products or services.
It is becoming critical for organizations to build innovative products and services that use personal data while still safeguarding users' privacy.
To help them in this shared mission, the National Institute of Standards and Technology (NIST) has released version 1.0 of its Privacy Framework, a tool designed to help organizations manage privacy risks.
Background on Version 1.0
NIST published a preliminary draft of the Privacy Framework in September 2019, when it requested public feedback. The agency had initially hoped to release version 1.0 by the end of 2019, but it was officially announced only on January 16.
- The framework is a one-size-fits-all solution to help organizations of all sizes in all sectors.
- It emphasizes three main aspects of privacy: taking privacy into account when developing a service or product, communicating about privacy practices, and cross-organizational collaboration.
The structure of the Privacy Framework
NIST’s Privacy Framework is comprised of three key parts: the core, profiles, and implementation tiers.
- The Core: Offers a set of privacy protection activities and supports internal communication within organizations.
- Profiles: Represent functions, categories, and subcategories to help organizations determine the activities they need to pursue from the Core.
- Implementation Tiers: In the final step, organizations learn to optimize the resources needed to achieve their target profile.
Note that the Privacy Framework is not a law or regulation but a voluntary tool for managing risks and ensuring compliance with existing legislation, including GDPR and California’s CCPA.
Essence of the framework
According to her, if a firm is looking to grow customers' trust through more privacy-protective products or services, this framework can help achieve that. Additionally, it will make it easier for firms to keep up with technology advancements and new uses for data.
NIST further said that the Privacy Framework is meant to complement the NIST Cybersecurity Framework; both are slated to undergo periodic revisions. The NIST Privacy Framework is available in PDF format.