The National Institute of Standards and Technology (NIST) released a draft version of its Privacy Framework in a notice on the Federal Register today, making some changes from the discussion draft released this spring and moving closer to the final version.
The Privacy Framework, developed by NIST to align with its existing Cybersecurity Framework, is designed to help organizations assess and manage privacy risks during system design and deployment. The framework is “intended to be widely usable by organizations of any size and agnostic to any particular technology, sector, law, or jurisdiction,” NIST states.
The framework has five main functions, with categories and subcategories beneath them:
- Communicate, and;
Compared to the draft version released in May, the new draft of NIST’s Privacy Framework places a greater emphasis on governance, designating it as its own function within the framework. The new version also brings in the Detect, Respond, and Recover functions from the Cybersecurity Framework, including them in the documentation and adapting them for privacy-related incidents. The new draft also highlights the overlap with the Cybersecurity Framework, with 27 identical subcategories of implementation.
The comment period on the new version of the Privacy Framework is open until Oct. 24.