Self-service access to safe data
Protect data and manage risk
Analyze conversational chat data
Reduce the time and cost to comply
Right data in the right hands
Align control and business use
Controlled access to data
Flexibility, consistency, scalability
Our professional services
Power responsible use
From clinical to commercial
Optimize data tests
Open new revenue streams
Realize the potential of the cloud
Protect data from misuse
Transform your data
Opinion and industry insights
An A to Z of the industry
The podcast for data leaders
Press releases, awards, and more
Staying at the cutting edge
The team behind Privitar
A thriving partner ecosystem
Our story, values, and careers
Dedicated customer assistance
Jul 09, 2020
By Marcus Grazette, Europe Policy Lead at Privitar
The National Institute for Standards and Technology (NIST) is a leading standards body. Earlier this year they released the NIST Privacy Framework, a voluntary tool intended to help organizations identify and manage privacy risk. This blog post will introduce the Framework, explain some of the outcomes it recommends and show how Privitar can help you to achieve them.
The Framework is divided into two main parts:
The NIST Privacy Framework complements the NIST Cybersecurity Framework, published in 2014. The functions in the Privacy Framework are labelled with the appendix “-P” to distinguish them from the Cybersecurity Framework.
The Framework is not a checklist. It was designed to help organizations answer the question: “How are we considering privacy impacts as we develop systems, products and services?” As such, the Framework is outcome based. It describes the ideal outcome, without being prescriptive about how to achieve it.
The five functions are further broken down into 18 categories and 100 outcomes (subcategories). Each function, category and outcome has a unique code assigned to it. For example, the “Identify” function (ID-P), the “inventory and mapping” category (ID.IM-P) and the “systems that process data are inventoried” outcome (ID.IM-P1). We’ll use these codes when referring to specific outcomes in this blog post.
There is no ‘silver bullet.’ Achieving the majority of outcomes will require a combination of measures. The outcomes fall on a spectrum from technical to non-technical. To help you to understand that range, we grouped them into 11 technical (i.e. applied to the data or the processing system), 36 non-technical (i.e. processes and procedures) and 53 semi-technical (i.e. blending the two) outcomes.
Privitar is a privacy engineering company. We focus on technical controls and support efforts to achieve semi or non technical controls.
The Framework provides a detailed set of outcomes describing a comprehensive approach to privacy. Some elements are technical, but most require a mix of technical and organizational controls. There are no technical silver bullets. A combination of Privitar features will, in many cases, help organizations to achieve the recommended outcomes. Against the backdrop of an uncertain legal context, with new privacy regulations emerging and being debated, the framework offers a concrete set of outcomes that all companies can act on today.
Our team of data security and privacy experts are here to answer your questions and discuss how modern data provisioning can fuel business growth.