NIST began working on the Privacy Framework after the release of its Cybersecurity Framework in October 2018. The organization hosted workshops and roundtables to gather public and private stakeholder input to develop the framework. NIST is now seeking public feedback on this preliminary draft prior to releasing version 1.0, which is expected to be available at the end of 2019.
According to a press release, the NIST Privacy Framework provides a tool that “helps organizations communicate better about privacy risks when designing and deploying products and services, provide more effective solutions that can lead to better privacy outcomes, and facilitate compliance with their legal obligations.”
The NIST Privacy Framework ties to the popular NIST Cybersecurity Framework, as it brings privacy and cybersecurity teams together to address privacy breach risks. Similar to the Cybersecurity Framework, the Privacy Framework is written in accessible language to allow people with non-technical backgrounds to understand shared privacy goals.
In the Profiles section of the framework, the NIST Privacy Framework encourages businesses to create current and target profiles to select outcomes that are relevant to their specific privacy goals and risk tolerance. Buyers can then use these profiles to inform decisions and understand any trade-offs they are willing to accept when buying software, products, and services.
Adding your input
The preliminary draft of the NIST Privacy Framework is available for public comment through 5 PM EDT on Oct. 24, 2019.
*Disclaimer: I am not a lawyer and am not offering legal advice. If you have legal questions, consult a licensed attorney.*
Merry Marwig is a market research analyst at G2 focused on the privacy and data security software markets. Using G2’s dynamic research based on unbiased user reviews, Merry helps companies best understand what privacy and security products and services are available to protect their core businesses, their data, their people, and ultimately their customers, brand, and reputation. Merry's coverage areas include: data privacy platforms, data subject access requests (DSAR), identity verification, identity and access management, multi-factor authentication, risk-based authentication, confidentiality software, data security, email security, and more.