Could the National Institute of Standards and Technology’s voluntary Privacy Framework help avoid missed connections in privacy, forestalling the next data breach or privacy scandal by baking data protection into new products from conception?
Is “true privacy engineering” possible? Caitlin Fennessy argues that the framework may well be able to do that. NIST modeled the Privacy Framework on its successful Cybersecurity Framework.
“Much like the CSF, the Privacy Framework is organized around the functions an organization must undertake to manage privacy risk, the profile of the organization using it, and a tiered implementation structure. Organizations are encouraged to move to a higher ‘tier’ or more sophisticated risk management program based on the privacy risk their data processing operations create.”
“The ‘core’ outlined in each framework is, as the name implies, the heart of the matter. The Privacy Framework core is divided into five functions: identify, protect, control, inform and respond.”
The framework draft is open to public comment and will evolve as NIST’s consultation process proceeds.