Introduction to the National Institute of Standards and Technology (NIST) Privacy Framework v10

00:00

Welcome to module 2.9

00:02

Introduction to National Institute of Standards and Technology, otherwise known as Nist

00:07

Privacy Framework. Version 1.0

00:13

in this module will cover what missed privacy framework. Version 1.2 covers also understanding of the specifics of the nest privacy framework. Version one point

00:24

So what is the framework cover

00:27

building consumer trust by supporting decision making in product and service design or deployment? And optimizes benefit beneficial uses of data while minimizing adverse consequences for individuals privacy and society as a whole

00:42

is a big part of the privacy framework.

00:46

I highlighted the word trust because trust and transparency as it relates to this framework

00:52

is a keystone to it

00:55

furthermore, fulfilling current compliance obligations as well as future proofing products and services to meet these obligations and changing technological and policy environment

01:06

and facilitating communication about privacy practices with individuals. Business partners, assessors and regulated regulators is a must.

01:15

So I've highlighted future proofing products and services and communication about privacy practices.

01:22

Trust.

01:23

Future proofing and communication are big elements of the newness privacy framework.

01:32

What is in this privacy framework include?

01:34

Well, it includes an introduction to their framework.

01:37

The frameworks basics and how to use the framework.

01:44

The specifics of the privacy framework include

01:46

three items.

01:47

Core profiles and implementation tears

01:51

core an increasingly granular set of activities and outcomes that enable an organizational dialogue about managing privacy risk

01:59

profiles. Its selection of functions, categories and subcategories

02:02

from the core that an organization has prioritized to help manage privacy risks,

02:07

implementation tears. Communication about whether an organization has sufficient processes

02:14

and resources in place to manage privacy risks

02:16

and achieve its target profile.

02:21

Let's take a look at some of the figures

02:23

in the framework

02:23

on the upper left hand corner

02:27

Figure 1.2.1 or in section 1.2.1, cybersecurity and privacy risk management

02:34

here, simply put in this fun diagram, cybersecurity and privacy risks overlap to where both groups have responsibility as it relates to cyber security related privacy events.

02:46

If a cybersecurity privacy event occurs, both teams should be involved with addressing the event.

02:54

Note that cybersecurity events that are not privacy events would be something that only the cybersecurity group handles.

03:05

Also

03:06

non cyber security related events that include privacy elements would be an area that potentially cybersecurity would not be involved in.

03:15

Upper right hand corner

03:16

is another diagram that shows

03:20

no no no no shell

03:23

collaboration and communication flows within an organization.

03:27

Senior executive level, business process manager level

03:30

and implementation operations level.

03:32

For those of you who have studied management, you can see that on the left side would be strategic in the middle, tactical and on the right

03:40

most likely operational,

03:44

there is collaboration that's required, that goes up and down and communications that goes up and down as well.

03:51

Lower left hand corner and figure eight.

03:53

The data processing ecosystem relationships.

03:55

Shows all the stakeholders who should be involved within your privacy program.

04:03

In the lower center,

04:05

a simplified method for establishing or improving a privacy program

04:09

is using the ready set go

04:12

methodology.

04:14

Use and identify

04:15

P and govern P functions to get ready, set an action plan based on differences between current and target profiles

04:23

and last go forward with implementing the action plan,

04:26

the lower right hand corner. You see figure four. The privacy framework core structure. You can see your functions on the left hand side which is identified, govern control, communicate, protect. Broken down into categories and then further broken down into sub categories.

04:46

When did the next privacy framework version? One point get announced,

04:49

number 1, 2016. Number 2 2018 or number 3 2020?

04:57

The answer is 3 2020.

04:59

Specifically in january.