NIST Privacy Framework
Summary
This webinar covers a global perspective on the NIST Privacy Framework. Our expert speakers discuss the privacy background, overview and practical considerations.
Key takeaways
Privacy Framework overview
The Privacy Framework was published in its final form on 16 January 2020, and had just two months of life before the COVID-19 pandemic stopped a lot of activity around the world. The Framework is intended to help organizations answer, as outlined by NIST, the fundamental question of ‘How are we considering the impact on individuals as we develop our systems and products? In other words, what are the privacy consequences of the operation?’ The Framework is an entirely voluntary and non-binding tool to assist organizations with compliance with existing legal requirements, but it can also be used as the foundation to help draft new privacy laws. The Privacy Framework was built around the model of the NIST Cybersecurity Framework, which was originally released in 2014. The Privacy Framework addresses considerations above and beyond legal requirements, such as reputation, customer trust and adoption rate, and is nonetheless flexible, with four Tiers: Partial, Risk Informed, Repeatable and Adaptive.
Practical considerations
The Framework is a compliance tool only and does not guarantee compliance. The Privacy Risk Management Practices under the Framework consist of risk management role assignments, enterprise risk management strategy, organizational-level privacy requirements, system/product/service design artifacts and data maps, whilst the Privacy Risk Assessments assist in prioritising and responding to risks.
Global context
The larger global context highlights the differences in scope and application of global regulations, and the diversity and complexity that privacy frameworks can struggle to accommodate. The NIST Privacy Framework offers the benefit of being flexible to an organisation’s structure and requirements, as well as local regulatory and accountability requirements.
How OneTrust DataGuidance Helps
OneTrust DataGuidance™ is the industry’s most in-depth and up-to-date source of privacy and security research, powered by a contributor network of over 800 lawyers, 40 in-house legal researchers, and 14 full-time in-house translators. OneTrust DataGuidance™ offers solutions for your research, planning, benchmarking, and training.
OneTrust DataGuidance solutions are integrated directly into OneTrust products, enabling organisations to leverage OneTrust to drive compliance with hundreds of global privacy and security laws and frameworks. This approach provides the only solution that gives privacy departments the tools they need to efficiently monitor and manage the complex and changing world of privacy management.