Overview
The NIST Privacy Framework is a privacy framework by NIST. It is aligned with the structure of the NIST Cybersecurity Framework to assist organizational entities that want to use both frameworks.
Good cybersecurity practices alone are not sufficient to address the full scope of privacy risks that can arise from how organizations collect, store, use, and disclose data (collectively “data processing”) to meet their mission or business objectives, as well as from how individuals interact with products, services, or systems.
NIST Privacy Framework Core
The NIST Privacy Framework Core will provide a set of activities to achieve specific privacy outcomes, and reference examples of guidance to achieve those outcomes. The Core is not a checklist of actions to perform. It will present key privacy outcomes identified by stakeholders as helpful in managing privacy risk.
The functions will be divided into categories closely tied to programmatic needs and subcategories to support specific outcomes for organizations’ technical or management activities. Informative references will provide organizations with guidance in achieving the outcomes.
The functions are:
- Identify - Develop the organizational understanding to manage privacy risk for individuals arising from data processing or their interactions with products, services, or systems.
- Protect - Develop and implement appropriate data safeguards.
- Control - Develop and implement appropriate activities to enable organizations or individuals to manage data with sufficient granularity to meet privacy objectives.
- Inform - Develop and implement appropriate activities to enable organizations and individuals to have a reliable understanding about how data is processed.
- Respond - Develop and implement appropriate activities to take action regarding a privacy breach.