Why a Privacy Framework?

Video Transcription
Welcome to lesson 1.2, Why a Privacy Framework.
In this video, we're going to cover why privacy frameworks are necessary. We're going to look at the NIST Privacy Framework development timeline.
So why is a privacy framework necessary?
Um, those that work in privacy know that many times there are different regulations depending on the type of enterprise that you work in and what regions of the world your company may do business and that you have to be compliant with. That could be anything from the HIPAA Privacy Rule
to the EU General Data Protection Regulations, um, to the California Consumer Privacy Act, and there are many more out there that your company may have to be compliant with. So there's really this need for a common language and a practical tool to help you sort of traverse, um, that regulation landscape that is out there when it comes to privacy.
And then I know we mentioned before the difference between cyber security risks and privacy risks and that knowing that cybersecurity doesn't solve all the privacy issues because you're still going to have issues with data processing that fall outside um of how you're actually protecting the data.
Um, so once again, cybersecurity is not the be all end all of solving your privacy issues.
And then lastly, there really is a challenge to really design or have a technology that's mindful of all of these diverse privacy needs um with just the way technology is going, it's very difficult to keep up with that.
So it's really better to have sort of a privacy framework that your enterprise is using,
um, really as a metric, as a measurement of how you may be doing, um, in regards to keeping up with those privacy concerns or those needs, because it really is going to give you sort of a broader brush in which to paint sort of your privacy landscape for your enterprise.
So it's really why there was a need outside of a security framework to also have a privacy framework in place.
So one of the things, um, also that I want to keep in mind of reminding people why it's important to have a privacy framework in place in your enterprise for how your enterprise is handling privacy risks
is because the Ponemon Institute does a study every year on what the cost of a data breach is. Um, as you can see, you know, it's fluctuated over the years, but for 2019 it was $3.92 million, and no company wants to have to endure the cost of a privacy breach, from dealing with audits,
possibly from whether that's PCI because you may not have been compliant with credit card data for individuals, to having to establish call centers depending on the number of individuals that were impacted by the data breach. There's so many different costs that sort of come into play when you're dealing with the data breach.
But that number does kind of hover, as the Ponemon study Institute
puts out, a $3.92 million for a data breach in 2019. So it's something to think about when you are trying to get funding possibly for your program and trying to talk to the C-suite. You know, a lot of times they're looking at, you know, how does it impact the bottom line? And a lot of times those of us that work in compliance,
um, you know, we aren't really in the money-making business, so sometimes we have to learn how to speak the C-suite language, and, you know, this is truly a number that you can use to represent, um, why possibly a tool that you're looking to implement or possibly bringing on
more personnel to handle privacy risks. Um, this is always a helpful number to utilize when you're showing why the cost of that tool, um, is helpful and how it will save the company money in the long run, um, from having to deal with the data breach.
So one thing I did want to look at is how quickly, um, you know, NIST did develop the privacy framework that we have here. You'll see that really this timeline goes from September 2018 to January of 2020, so that's really only a little over a year, from the thought of the NIST Privacy Framework all the way to really
its inception. Um, we see that, you know, in October of 2018, shortly after, um, you know, the announcement that there was going to be a NIST privacy framework, that we do see that there was a workshop held and that was, you know, to get feedback from the community and possibly how this should be shaped.
Um, and then November, it included a request for information, um, from individuals to sort of give thoughts on what was developed at that workshop, um, to where in February, we actually got an outline of what that framework would look like, and then in 2019 there was a discussion draft that was put out,
um, once again to get more feedback from the community on how things were shaping up really with the privacy framework. Another workshop was held in May of 2019,
And then in June 2019, that's when supplemental materials began to be put out to the public regarding the NIST Privacy Framework. And then finally, there was the third workshop, um, like I said, it was open, uh, to, uh, industry leaders and peers to come and
discuss how things were shaping up and provide feedback.
And then in September we got the preliminary draft of what the NIST Privacy Framework would look like, which does look a lot like what the final documentation, um, that was provided in January of 2020 when this NIST Privacy Framework was finally implemented. So, not a long time to develop it,
and you'll see, anyone that works in security that possibly uses the NIST Cybersecurity Framework
will see how the two kind of align with each other.
So in this video, we covered reasons why a privacy framework is necessary
and the development of the NIST Privacy Framework.
