NIST releases new Privacy Framework

On 16 January 2020, the National Institute of Standards and Technology (NIST) released version 1.0 of the NIST Privacy Framework.

The NIST Privacy Framework is a voluntary tool developed in collaboration with stakeholders intended to help organisations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy.

The Privacy Framework can support organisations in:

  • Building customers’ trust by supporting ethical decision-making in product and service design or deployment that optimises beneficial uses of data while minimising adverse consequences for individuals’ privacy and society as a whole;
  • Fulfilling current compliance obligations, as well as future-proofing products and services to meet these obligations in a changing technological and policy environment; and
  • Facilitating communication about privacy practices with individuals, business partners, assessors, and regulators.

Incident Response Solutions recognises that many organisations have already adopted the NIST Cybersecurity Framework (released in 2014). To assist in managing cyber risk, Incident Response Solutions offers an automated tool that assist their clients in conforming to the NIST Cybersecurity Framework.

The NIST Privacy Framework has an overarching structure modelled on the NIST Cybersecurity Framework. The two frameworks are designed to be complementary and also updated over time. While privacy and security are related, they are still distinct concepts. Adopting a good security posture does not necessarily mean that an organisation is addressing all its privacy needs.

Again, to assist their clients in managing privacy risk, Incident Response Solutions has automated the process of conforming to the NIST Privacy Framework.

Both tools now available for use.

Contact Incident Response Solutions for a consultation.