NIST Privacy Framework: Insights on New Tool for Managing Privacy Risks

NIST’s new Privacy Framework could end up, like its cybersecurity predecessor, influencing discussions between regulators and companies. NIST introduced the Framework in January 2020 as a tool for organizations of all sizes to embed privacy protections more deeply into their products, services and operations, and to address and manage privacy risks. In this first part of a two-article series, the Cybersecurity Law Report discusses the Framework’s aims, approach and structure with NIST’s senior privacy policy advisor Naomi Lefkovitz. We also share the insights of privacy practitioners from Nationwide Mutual Insurance, Robinson+Cole, Privacy Ref and IAPP about how the Framework could shape interactions between companies and regulators, and how it compares to other privacy frameworks, including the recently released standard from the International Organization for Standardization. Part two will cover possible uses of the Framework and NIST’s plan to augment the Framework. See “Eleven Key Components of an Effective Privacy Program” (Feb. 26, 2020).

To read the full article

Continue reading your article with a CSLR subscription.