The National Institute of Standards and Technology (NIST) just released its first version of its privacy framework, a tool to give organizations guidance on how to manage risks and be in compliance with new privacy laws.
The National Institute of Standards and Technology (NIST) just released its first version of its privacy framework, a tool to give organizations guidance on how to manage risks and be in compliance with new privacy laws.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
With the enactment of far-reaching data privacy regulations like GDPR and CCPA, the new NIST Privacy Framework could not have come at a better time. The framework provides a canonical standard in language business managers understand. This will undoubtedly help companies organize their privacy processes so they can protect their customers\’ personal data and comply with regulations. The impact of this is analogous to the NIST Cybersecurity Framework, in that it provides a business-level guide of how to do things right. As usual, privacy policies only work when they are part of an ongoing process of managing and collaborating with third parties, as the new NIST standard makes clear. Therefore, companies should be sure to put in place a comprehensive third-party cyber risk process that also considers compliance with privacy regulations.
Cybersecurity and privacy are merging closer together, especially as we see the introduction and enforcement of regulations like GDPR and CCPA. It\’s great to see frameworks like NIST help organizations map out the areas of potential risk as it relates both to privacy and cybersecurity. Organizations should follow such a framework to manage and mitigate risk, but remember that it takes time to check all of the boxes. It\’s important to identify the biggest, and most critical gaps first, and then address less critical gaps down the road.