Business Case for the NIST Privacy Framework
June 28, 2023
The privacy landscape is changing fast, and business leaders are trying to keep up.
The NIST Privacy Framework offers organizations a voluntary and adaptable set of guidelines and best practices for effectively managing privacy risks. Its flexible approach enables customization to suit an organization's specific needs, helping to identify and manage privacy risks while fostering innovation and safeguarding individuals' privacy.
11:35 - During the discussion, Nandita highlights the significance of the framework's crosswalks, which startups often use to meet compliance requirements. Dylan later explains that crosswalks are mappings between various laws or regulations and the NIST Privacy Framework, aiding organizations in implementing the framework effectively.
Crosswalks offer a consolidated view of regulatory requirements, which can be beneficial for organizations operating in diverse jurisdictions or industries with varying compliance obligations. By aligning multiple regulations with a unified framework, organizations can identify areas of compliance overlap, gaps, or inconsistencies, guiding their compliance strategies and promoting integrated and efficient programs.
22:17 - Throughout the episode, Dylan emphasizes the many resources provided by NIST, such as the research repository and the appendices. He encourages listeners to use these free tools alongside the core privacy framework, highlighting the guidance, best practices, and implementation support they provide.
The repository is a collection of crosswalks, common profiles, and guidelines designed to provide organizations with the knowledge needed to customize their approach to data privacy. Common profiles are sets of specific privacy controls or requirements tailored to address the needs and characteristics of different types of organizations or sectors. This type of tool supports organizations in taking control of privacy customization, efficiency, and risk management by providing examples of frameworks specific to a particular industry, sector, or organizational context.
Appendix D, which Dylan mentioned specifically, offers guidance around privacy risk management practices. Topics include organizing preparatory resources, assigning risk management roles, and identifying key stakeholders. It also guides decision-makers in determining the capabilities of an organization’s potential privacy structure.
Though the privacy framework and the additional tools NIST offers can serve as a guide to help organizations meet compliance guidelines, both the hosts and the guests repeatedly encourage listeners to think of it as more than a checklist. It’s an opportunity to challenge existing views on privacy and integrate security into every aspect of an organization.
In fact, Jason and Dona wrap up the episode by urging organizations to step away from siloed approaches to privacy and open their eyes to its pervasive influence across all activities and engagements. A comprehensive commitment to privacy requires the involvement of every individual within the organization.
Privacy for Start-Ups
With tens of thousands of entrepreneurs in the United States, how do these business leaders ensure privacy is part of any pivots or growth plans? What are the data wants vs. the must-haves? Priv hosts are joined by the Tech Diplomacy Network’s Katharina Koerner and Santa Clara University’s Professor Linsey Krolik to discuss the privacy questions entrepreneurs face when getting their business started.
The Government Purchase of Private Data
In this episode of Privacy Abbreviated, professor Matthew Tokson joins our hosts to discuss how the collection and sale of private data may help government agencies circumvent legal requirements.
Ad Watchers: What is the appeal of an appeal? Getting to Know NARB
In this episode of Ad Watchers, your hosts discuss a critical link in the chain of advertising industry self-regulation: the National Advertising Review Board, or NARB, the appellate body for National Advertising Division cases.
Filling Privacy Gaps with Soft Law Solutions
In this episode of Privacy Abbreviated, our hosts are joined by the Future of Privacy Forum’s Jameson Spivack to discuss how industry-developed standards and best practices can guide policymaking, allowing hard law to adopt the lessons learned from soft law.