NIST’s Privacy Framework: Step-by-Step Instructions for Building a Privacy Program
About the NIST Privacy Risk Management Framework

NIST released the Privacy Risk Management Framework: an Enterprise Tool, v.1 on January 16, 2020. Aperture Law Group's Founder Jill DeGraff participated in early NIST workshops and began using preliminary drafts of the Framework with clients in May 2019.

The Framework establishes a step-wise sequence of activities that is oriented around five core functions: Identify, Govern, Control, Communicate and Protect. Within each of these core functions, the Framework describes specific tasks and workstreams (activities and sub-activities, respectively). For example, an activity for the "Identify" function is to perform an inventory and mapping of all systems, products and services involved in data processing. Sub-activities include producing an inventory of all systems, products and services that process data, and producing an inventory of all owners/operators of these systems, products and services, and their respective roles in data processing.

An organization that documents the activities described in the Framework can produce a deliverable Privacy Risk Management Plan. The Plan accomplishes three important steps for any company that wants to be "privacy forward". First, it documents factual predicates for establishing an organization's unique system of privacy controls. Second, it includes a narrative description of these privacy controls. …