The National Institute of Standards and Technology (NIST) issued its Privacy Framework version 1.0 on January 16, 2020. The goal of the Privacy Framework is to support organizations of varying sizes in their use of personal information, including protected health information (PHI), while efficiently managing privacy threats.
The Privacy Framework is a tool for managing privacy risk and for attaining and demonstrating compliance with privacy rules, for instance, New York's Stop Hacks and Improve Electronic Data Security (SHIELD) Act, the Health Insurance Portability and Accountability Act (HIPAA), the EU's General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).
The Privacy Framework can help institutions determine the privacy outcomes they would like to accomplish, provide tactics for increasing privacy protections and attaining those privacy targets, clarify privacy management principles, and show how it can be used together with the NIST Cybersecurity Framework and how the two work jointly. NIST says that organizations that have used the NIST Cybersecurity Framework and have a very good security posture might not have dealt with all of their privacy issues.
Version 1.0 keeps the structure of the September 2019 draft version but includes a number of updates made in response to public comments. As with the draft version, the Privacy Framework has three parts:
- The Core is a collection of privacy functions.
- Profiles help companies identify which activities are necessary to attain their privacy targets.
- The Implementation Tiers section helps companies optimize resources to deal with privacy issues.
The framework features building blocks that can guide you in reaching your privacy objectives, including meeting the regulations your company should observe. If you want to boost customer trust by offering more privacy-protective services or products, the framework can likewise help.
The Privacy Framework doesn't just help secure sensitive information like Social Security numbers. It also helps secure lower-value data, including data types that can be combined with others to become sensitive as one unit. New uses of data, including artificial intelligence, are often being uncovered. It is consequently essential to employ a framework for managing privacy issues instead of relying on a checklist of things to carry out. Using the Privacy Framework will help companies create policies, procedures, and systems to secure data, deal with privacy risks efficiently, and make certain those risks are controlled over time.
The framework is going to help companies future-proof their services and products with privacy practices that will adapt to changing systems, policies, and new regulations. The framework also addresses some aspects of privacy that are missing from HIPAA but are especially relevant at present because of developments in technology.
The framework serves as a guide that points the way to further research for handling present-day privacy challenges. NIST is developing a database of guidance resources to assist in the use of the framework.
Get a copy of the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management on NIST’s web page.