NIST’s new privacy rules – what you need to know

DelJo63

NIST (National Institute of Standards and Technology) is a kindred spirit to the W3C (World Wide Web Consortium)

Attempting to digest the GDPR, CCPA, or whatever will send your mind spinning.
NIST has released a Privacy Framework to help you get your house in order. You can use the Privacy Framework when developing new products and services to ensure that they tick all your privacy boxes. It’s a good tool when conducting the privacy impact assessments that regulations like GDPR demand. It isn’t a compliance toolkit for meeting the requirements of specific regulations. Instead, it’s a voluntary toolkit that you can use to think about your approach to privacy. You can use bits of it or all of it – NIST isn’t prescriptive.

The core contains a set of five functions that you work through as part of your privacy assessment process.

  • The first, Identify-P, involves spotting and understanding privacy risks.
  • The second, Govern-P, is where you define the rules to deal with them, thinking up your privacy policies to help meet risk and regulatory requirements.
  • The Control-P function is the sharp end, where you manage data in line with your governance structure.
  • You then establish lines of communication to tell people about those risks and controls as part of the Communicate-P function.
  • The final function, Protect-P, is the part of the core framework that governs cybersecurity risk.

You can review the suggestions at