Example: bachelor of science

NIST Privacy Framework: A Tool for Improving Privacy ...

Version NIST Privacy FRAMEWORK: A tool FOR Improving Privacy THROUGH ENTERPRISE RISK MANAGEMENT January 16, 2020 The contents of this document do not have the force and effect of law and are not meant to bind the public in any way. NIST Privacy Framework January 16, 2020 i Executive Summary For more than two decades, the Internet and associated information technologies have driven unprecedented innovation, economic value, and improvement in social services. Many of these benefits are fueled by data about individuals that flow through a complex ecosystem.

Jan 16, 2020 · NIST PRIVACY FRAMEWORK: A TOOL FOR IMPROVING PRIVACY THROUGH ENTERPRISE RISK MANAGEMENT January 16, 2020 The contents of this document do not have the force and effect of law and are not meant to bind the public in any way.

Fullscreen Download

Tags:

  Tool, Inst

Information

Domain:

Source:

Link to this page:

Please notify us if you found a problem with this document:

Other abuse

Transcription of NIST Privacy Framework: A Tool for Improving Privacy ...

1 Version NIST Privacy FRAMEWORK: A tool FOR Improving Privacy THROUGH ENTERPRISE RISK MANAGEMENT January 16, 2020 The contents of this document do not have the force and effect of law and are not meant to bind the public in any way. NIST Privacy Framework January 16, 2020 i Executive Summary For more than two decades, the Internet and associated information technologies have driven unprecedented innovation, economic value, and improvement in social services. Many of these benefits are fueled by data about individuals that flow through a complex ecosystem.

2 As a result, individuals may not be able to understand the potential consequences for their Privacy as they interact with systems, products, and services. At the same time, organizations may not realize the full extent of these consequences for individuals, for society, or for their enterprises, which can affect their brands, their bottom lines, and their future prospects for growth. Following a transparent, consensus-based process including both private and public stakeholders to produce this voluntary tool , the National Institute of Standards and Technology (NIST) is publishing this Privacy Framework: A tool for Improving Privacy through Enterprise Risk Management ( Privacy Framework), to enable better Privacy engineering practices that support Privacy by design concepts and help organizations protect individuals Privacy .

3 The Privacy Framework can support organizations in: Building customers trust by supporting ethical decision-making in product and service design or deployment that optimizes beneficial uses of data while minimizing adverse consequences for individuals Privacy and society as a whole;1 Fulfilling current compliance obligations, as well as future-proofing products and services to meet these obligations in a changing technological and policy environment; and Facilitating communication about Privacy practices with individuals, business partners, assessors, and regulators. Deriving benefits from data while simultaneously managing risks to individuals Privacy is not well-suited to one-size-fits-all solutions.

4 Like building a house, where homeowners make layout and design choices while relying on a well-engineered foundation, Privacy protection should allow for individual choices, as long as effective Privacy risk mitigations are already engineered into products and services. The Privacy Framework through a risk- and outcome-based approach is flexible enough to address diverse Privacy needs, enable more innovative and effective solutions that can lead to better outcomes for individuals and organizations, and stay current with technology trends, such as artificial intelligence and the Internet of Things.

5 The Privacy Framework follows the structure of the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) [1] to facilitate the use of both frameworks together. Like the Cybersecurity Framework, the Privacy Framework is composed of three parts: Core, Profiles, and Implementation Tiers. Each component reinforces Privacy risk management through the connection between business and mission drivers, organizational roles and responsibilities, and Privacy protection activities. The Core enables a dialogue from the executive level to the implementation/operations level about important Privacy protection activities and desired outcomes.

6 Profiles enable the prioritization of the outcomes and activities that best meet organizational Privacy values, mission or business needs, and risks. 1 There is no objective standard for ethical decision-making; it is grounded in the norms, values, and legal expectations in a given society. NIST Privacy Framework January 16, 2020 ii Implementation Tiers support decision-making and communication about the sufficiency of organizational processes and resources to manage Privacy risk. In summary, the Privacy Framework is intended to help organizations build better Privacy foundations by bringing Privacy risk into parity with their broader enterprise risk portfolio.

7 Acknowledgements This publication is the result of a collaborative effort between NIST and organizational and individual stakeholders in the public and private sectors. In developing the Privacy Framework, NIST has relied upon three public workshops, a request for information (RFI), a request for comment (RFC), five webinars, and hundreds of direct interactions with NIST acknowledges and thanks all of those who have contributed to this publication. 2 A complete development archive can be found at NIST Privacy Framework January 16, 2020 iii Table of Contents Executive Summary.

8 I Acknowledgements ..ii Privacy Framework Introduction ..1 Overview of the Privacy Framework .. 2 Privacy Risk Management .. 2 Cybersecurity and Privacy Risk Management .. 3 Privacy Risk Assessment .. 4 Document Overview .. 5 Privacy Framework Basics ..6 Core .. 6 8 Implementation Tiers .. 8 How to Use the Privacy Framework ..9 Mapping to Informative References .. 9 Strengthening 10 Establishing or Improving a Privacy Program .. 11 Applying to the System Development Life Cycle .. 12 Using within the Data Processing Ecosystem .. 13 Informing Buying Decisions.

9 14 References .. 15 Appendix A: Privacy Framework Core .. 17 Appendix B: Glossary .. 28 Appendix C: Acronyms .. 31 Appendix D: Privacy Risk Management Practices .. 32 Appendix E: Implementation Tiers Definitions .. 37 List of Figures Figure 1: Core, Profiles, and Implementation 2 Figure 2: Cybersecurity and Privacy Risk Relationship .. 3 Figure 3: Relationship Between Privacy Risk and Organizational Risk .. 4 Figure 4: Privacy Framework Core Structure .. 6 Figure 5: Using Functions to Manage Cybersecurity and Privacy 7 Figure 6: Relationship Between Core and Profiles .. 8 Figure 7: Notional Collaboration and Communication Flows Within an Organization.

10 10 Figure 8: Data Processing Ecosystem Relationships .. 13 List of Tables Table 1: Privacy Framework Function and Category Unique Identifiers .. 19 Table 2: Privacy Framework Core .. 20 Table 3: Privacy Engineering and Security Objectives .. 34 NIST Privacy Framework January 16, 2020 1 Privacy Framework Introduction For more than two decades, the Internet and associated information technologies have driven unprecedented innovation, economic value, and access to social services. Many of these benefits are fueled by data about individuals that flow through a complex ecosystem.

Show more

Documents from same domain

Guidelines for Storage and Temperature Monitoring of ...

Guidelines for Storage and Temperature Monitoring of ...

www.nist.gov

May 09, 2017 · • Verify temperature stability using a digital data logger thermometer (min. accuracy = ±0.5 °C) ... Best storage practice – place vaccines in center fridge space, contained in original packaging, inside designated storage trays positioned 2 to 3 in from refrigerator walls

  Temperatures, Storage

Open Source Mobile Device Forensics - NIST

Open Source Mobile Device Forensics - NIST

www.nist.gov

Autopsy – Android Module • WhatsApp Extract – wa.db and msgstore.db • Scalpel • SQLite Browser • Hex Editor • Anything capable of mounting EXT • FTK Imager • Customized scripts • Manual examination Analytical Tools…to Name a Few

  Inst, Autopsy

Inductance Measurement Using an LCR Meter and a …

Inductance Measurement Using an LCR Meter and a …

www.nist.gov

involves the use of capacitance, resistance, and inductance standards with known frequency ... capacitance and resistance values are adjusted until the same LCR reading is achieved, within the ... where the nominal value, L, of the inductor is used and its

  Standards, Resistance, Value, Nominal, Inductance, Resistance values, Inductance standards

Photovoltaics: Safety & Efficiency Codes, Standards and ...

Photovoltaics: Safety & Efficiency Codes, Standards and ...

www.nist.gov

labelled for safety performance: UL, Intertek, TUV • Secondary source of PV standards in the USA: ASTM International • Both IEC and ASTM Intl publish numerous PV standards; many are very similar and so redundant.

  Intertek

GMP 11 Assignment and Adjustment of Calibration Intervals ...

GMP 11 Assignment and Adjustment of Calibration Intervals ...

www.nist.gov

mass calibration procedure, maintaining equipment in good operating condition that minimizes contamination and prevents deterioration is a requirement for all laboratory balances and comparators as a part of accreditation and recognition. The ...

  Calibration, Procedures, Calibration procedure

2019-2020 Baldrige Excellence Builder - NIST

2019-2020 Baldrige Excellence Builder - NIST

www.nist.gov

Feb 06, 2019 · Baldrige Excellence Builder. self-assessment helps you identify and improve what is critical to your organization’s success. By completing and acting on this assessment, you will be better positioned to accomplish your mission, improve your results, and become more competitive. The . Excellence Builder

  Excellence, 2019, Inst, 2200, Rebuilds, Baldrige, 2019 2020 baldrige excellence builder, Baldrige excellence builder

Critical Infrastructure Cybersecurity - NIST

Critical Infrastructure Cybersecurity - NIST

www.nist.gov

• Of any size, in any sector in (and outside of) the critical infrastructure • That already have a mature cyber risk management and cybersecurity program • That don’t yet have a cyber risk management or cybersecurity program • With a mission of helping keep up-to-date on managing risk and facing business or societal threats

  Critical, Infrastructures, Management, Critical infrastructures, Risks, Risk management, Inst

Operator’s Manual - NIST

Operator’s Manual - NIST

www.nist.gov

Ultrasonic sound is sound transmitted at frequencies generally beyond the range of human hearing. In your ultrasonic cleaner, ultrasonic sound (sonics) is used for cleaning materials and parts. This is how it works: • As the sound waves from the transducer radiate through the solution in the tank, they cause alternating high and low pressures

  Ultrasonic, Inst

Evaluation of Cloud Computing Services Based on NIST 800 ...

Evaluation of Cloud Computing Services Based on NIST 800 ...

www.nist.gov

May 31, 2017 · To demystify the ambiguity surrounding cloud services, the NIST Cloud Computing Services Public Working Group analyzed the NIST cloud computing definition and developed guidance on how to use it to evaluate cloud services. 1 Office of Management and Budget, U.S. Chief Information Officer, Federal Cloud Computing Strategy, Feb. 8, 2011.

  Services, Cloud, Inst, Cloud services, Nist cloud

REFPROP Documentation - NIST

REFPROP Documentation - NIST

www.nist.gov

May 23, 2018 · equilibrium. The program does not know the location of the freezing line for mixtures. Certain mixtures can potentially enter into these areas without giving warnings to the user. Some mixtures have components with a wide range of volatilities (i.e., large differences in boiling points), as indicated by a critical temperature ratio greater than 2.

  Points, Inst, Boiling point, Boiling, Mixtures

Related documents

Enterprise Risk Management Maturity Model - OECD

Enterprise Risk Management Maturity Model - OECD

www.oecd.org

Maturity models are a relatively common tool, often used on a self -assessment basis, to help organisations understand their current level of capability in a particular functional, strategic or organisational area. In ... The digital maturity model was

  Code, Model, Management, Risks, Enterprise, Tool, Digital, Maturity, Digital maturity, Enterprise risk management maturity model

How good is OUR school? Part 1 - Education Scotland

How good is OUR school? Part 1 - Education Scotland

education.gov.scot

school community. For example, some schools may like to develop a digital version of the framework. All of these approaches are perfectly acceptable. There is no prescribed way of using the resource. ... with the age and maturity of the child” (unicef.org.uk) How good is OUR school? A toolkit to support learner participation in self ...

  Good, School, Digital, Maturity, How good is our school

V. Gilsanz/O. Ratib · Hand Bone Age - chospab.es

V. Gilsanz/O. Ratib · Hand Bone Age - chospab.es

www.chospab.es

digital imaging, multiple attempts have been made to develop image-pro- ... and, at skeletal maturity, fuse with the main body of the bone. Comparing ... useful clinical tool, is subjective and restricted to the adolescent period. Unfortunately, most …

  Tool, Digital, Maturity

Digital Disruption in Banking and its Impact on Competition

Digital Disruption in Banking and its Impact on Competition

www.oecd.org

maturity transformation and liquidity provision: taking deposits short term and making ... and are becoming a fundamental tool of digital disruption. They enable software applications to share data and functionality and represent a remedy for markets with high switching costs, increasing contestability as they ...

  Tool, Digital, Maturity

Digital CRM 2.0 Building customer relationships in the ...

Digital CRM 2.0 Building customer relationships in the ...

www2.deloitte.com

digital CRM maturity. Although there was often a fluency in agile project execution at the operational level, leadership teams were stuck ... not see CRM as just another tool. They see it as a strategic guidance for building lasting and profitable relationships with

  Tool, Digital, Maturity

YOUR KIA LEASE-END KIT - pfile.hcamerica.com

YOUR KIA LEASE-END KIT - pfile.hcamerica.com

pfile.hcamerica.com

with the tool enclosed. If you complete your self-inspection and still have questions on . your vehicle’s condition, contact one of our Lease-End Advisors . ... in your vehicle before your lease maturity is considered an ear ly termination and may result in significant charges. Refer to your

  Your, Tool, Lease, Maturity, Your kia lease end kit

Securing Excellence in Primary Care (GP) Digital Services

Securing Excellence in Primary Care (GP) Digital Services

www.england.nhs.uk

• Ensure digital technologies are available to enable service improvement, transformation of care arrangements and patient/citizen digital engagement with primary care. • Define the responsibilities of all principal stakeholders in the delivery and utilisation of digital services for general practice.

  Digital

Related search queries

Enterprise Risk Management Maturity Model, OECD, Maturity, Tool, Digital maturity, How good is OUR school, Digital, YOUR KIA LEASE-END KIT