NIST Privacy Risk F...
 
Notifications
Clear all

NIST Privacy Risk Framework  

  RSS

Anonymous
(@anonymous)
Member Admin
Joined: 7 months ago
Posts: 136
21/05/2020 3:08 pm  

Do you have any data on how many companies are implementing the NIST Privacy Risk framework? The challenge with it is it’s very US specific..and does incorporate or refer to GDPR terms/asks. Where something like a Nymity framework is not an industry, but a consulting company so not “Independent”


Quote
Jamie Danker
(@jdankereasydynamics-com)
Member Moderator
Joined: 5 months ago
Posts: 6
22/05/2020 2:58 pm  

Here is a link to the HIPAA Security Rule crosswalk to the NIST Cybersecurity Framework <a href=" removed link "> removed link .

A couple of links of interest for the NIST Privacy Framework - <a href=" removed link "> removed link

Resource Repository: <a href=" removed link "> removed link

Link to the Cybersecurity Framework: <a href=" removed link /browse/crosswalks/cybersecurity-framework-crosswalk"> removed link /browse/crosswalks/cybersecurity-framework-crosswalk

 

Last an EasyDynamics blog on the NIST Privacy Framework: <a href=" removed link "> removed link

 

Thanks for including me in a great event!

Best Regards,

Jamie


ReplyQuote
Jamie Danker
(@jdankereasydynamics-com)
Member Moderator
Joined: 5 months ago
Posts: 6
27/05/2020 9:28 pm  

The NIST Privacy Framework was recently released (January 2020); some companies have publicly stated their support and/or intent to adopt it. I recommend visiting <a href=" removed link " target="_blank" rel="noopener" data-saferedirecturl=" removed link ;source=gmail&ust=1590697030768000&usg=AFQjCNE9O4Ol-_w24ThmkRL22fWIe91IeA"> removed link framework/adoption for additional information.  Regarding the relationship between the NIST Privacy Framework and GDPR, as noted during the webinar, the NIST Privacy Framework is agnostic to any particular technology, sector, law or jurisdiction; therefore, it does not use GDPR-specific terms. The Privacy Framework Core includes several references for the need to organizations to consider laws and regulations (e.g., See the GOVERN-P Function). In addition, the framework recognizes that organizations can take on many roles in the data processing ecosystem and that such roles might be legally codified (e.g., data controller or data processor). 


ReplyQuote
Share:
Back To Top