OCR of the Document

View the Document >>

National Institute of Standards and Technology, “NIST Privacy Framework: An Enterprise Risk Management Tool.” September 2018. Unclassified.

NIST Privacy Framework FACT SHEET September 2018 An Enterprise Risk Management Tool Why a Privacy Framework The challenge It is a challenge to design operate or use technologies in ways that are mindful of diverse privacy needs in an increasingly connected and complex environment Inside and outside the U S there are multiplying visions for how to address these challenges Why good cybersecurity doesn’t solve it all While good cybersecurity practices help manage privacy risk by protecting people’s information privacy risks also can arise from how organizations collect store use and share this information to meet their mission or business objective as well as how individuals interact with products and services Addressing the privacy challenge The U S Department of Commerce is developing a forward-thinking approach that supports innovation and strong consumer privacy protections The National Institute of Standards and Technology NIST is leading the development of a voluntary privacy framework as an enterprise risk management tool for organizations while the National Telecommunications and Information Administration is leading the development of a set of privacy principles and coordinating with the International Trade Administration to ensure consistency with international policy objectives What is the NIST Privacy Framework • NIST aims to collaboratively develop the Privacy Framework as a voluntary enterprise-level tool that could provide a catalog of privacy outcomes and approaches to help organizations prioritize strategies that create flexible and effective privacy protection solutions and enable individuals to enjoy the benefits of innovative technologies with greater confidence and trust • It should assist organizations to better manage privacy risks within their diverse environments rather than prescribing the methods for managing privacy risk • The framework should also be compatible with and support organizations’ ability to operate under applicable domestic and international legal or regulatory regimes NIST’s Collaborative Process • NIST has a long track record of successfully and collaboratively working with the private sector and federal agencies to develop guidelines and standards With experience in developing the Framework for Improving Critical Infrastructure Cybersecurity Cybersecurity Framework and extensive privacy expertise NIST is well positioned to lead the development of this framework • NIST will model the approach for this framework based on the successful open transparent and collective approach used to develop the Cybersecurity Framework • NIST will convene and work with industry civil society groups academic institutions Federal agencies state local territorial tribal and foreign governments standard-setting organizations and others conducting extensive outreach through a series of workshops and requests for public comment CONTACT privacyframework@nist gov LEARN MORE Visit www nist gov privacyframework