The National Institute for Standards and Technology (NIST), part of the US Department of Commerce, has released Version 1.0 of its Privacy Framework. It is designed to help institutional, government and commercial enterprises identify and manage privacy risks in data operations throughout the life-cycle of a product or service, while protecting individual privacy.
The Privacy Framework consists of three elements: a Core, Profiles, and Implementation Tiers.
“Privacy is more important than ever in today’s digital age,” said Under Secretary of Commerce for Standards and Technology and NIST Director Walter G. Copan in a prepared statement. “The strong support the Privacy Framework’s development has already received demonstrates the critical need for tools to help organizations build products and services providing real value, while protecting people’s privacy.”
The NIST Privacy Framework complements the existing NIST Cybersecurity Framework. Further information and technical guidelines are available from the NIST Web site.
Why it matters:
A data-secure organization is an essential component of an anti-piracy program.
Equally important is the ability to manage and protect personal privacy and personally indentifiable information, which pirates use to gain access to video accounts, financial accounts and other personal information that also can be used to damage the financial status of consumers. Or reputation, if this phishing scam is any indicator.
Strong privacy and cybersecurity guidelines are sure to provide a foundation for future US data privacy laws that may be patterned after the EU’s General Data Protection Regulation (GDPR).
