Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Cybersecurity Insights
a NIST blog
Grab a cupcake or several—no judgment—and join us in celebrating the first birthday of the NIST Privacy Framework! Here at NIST, we feel like proud parents supporting the framework’s implementation over the past year, listening to all the amazing things stakeholders have to say, and learning from the organizations who are already using it. We have lots of “gifts” for you, our stakeholders, so read on to learn all about them!
One Year with the Privacy Framework
Like everyone, we can’t say good-bye fast enough to 2020, but there’s no doubt that the attention that the framework has been getting is a testament to the enduring importance of privacy concerns.
In recognition of the global use of the framework, we’re announcing our first translations in Spanish and Portuguese! We welcome additional translations of the framework to better support international adoption.
We’re always getting asked if we know how many organizations are using the framework. From the recent International Association of Privacy Professionals (IAPP) and FairWarning report, we now know that more than a quarter of survey respondents had adopted the NIST Privacy Framework less than a year after its release.
Check out our complete Privacy Framework at 1 Year infographic for more noteworthy stats and accomplishments.
New Privacy Framework Resources
Our Resource Repository continues to expand, with over 40 resources now available to support organizations’ use of the framework. We’re delighted to announce a couple major new arrivals:
- Jeewon Serrato, a partner at BakerHostetler, has contributed a much needed crosswalk to the California Consumer Privacy Act (CCPA).
- With the recent release of NIST Special Publication 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organizations, we’ve added a crosswalk with the Privacy Framework and the Cybersecurity Framework.
We are grateful for all of the stakeholder contributions to the community resources that serve to strengthen everyone’s privacy practices. Keep the contributions coming!
We’ve also revamped our New to the Framework webpage with a whole range of resources for different interest levels and sizes of organizations. Grab another cupcake (or some popcorn) and watch our brand new video from our Emmy award winning video team dramatizing the discovery of the framework and starring a fabulous group of privacy experts.
We’ve heard consistently that small and medium businesses would benefit from dedicated resources aimed at simplifying the framework. To help meet this need, today we’re releasing a Privacy Framework quick start guide. Although nominally for small and medium businesses, this guide is intended to help any organization with constrained resources get a risk-based privacy program off the ground or improve an existing one.
Do you want to dig a little deeper into the framework and learn how some organizations are actually using it? Check out our new 20-minute Privacy Framework: At a Glance recording. Perfect for fitting in between meetings. If you have a bit more time, don’t forget about our Privacy Framework 101 webinar. This deep dive is loaded with information about every part of the framework.
Making Headway on the Privacy Framework Roadmap
Over the past year, we used the Privacy Framework Roadmap to prioritize our next steps. Among these efforts, we heard repeatedly about the need for a skilled and knowledgeable workforce capable of managing privacy risk, so we’re working with the community to make progress on this substantial challenge. At the September 2020 virtual workshop Help Wanted: Growing a Workforce Capable of Managing Privacy Risk,hosted by the IAPP, we obtained great feedback from highly engaged stakeholders to inform the development of a privacy workforce taxonomy aligned with the NICE Framework. In the coming months, we plan to launch a public working group to build out the taxonomy. We’ll have more information to share soon about how you can participate in this important effort.
We also launched a blog series all about differential privacy – covering the basics, applicable use cases, and some of the open source tools available right now for implementation. The series is designed to have a little something for everyone, from business process owners, privacy program personnel, privacy engineers, to IT professionals. We plan to complete the series this year with the longer-term goal of transforming the blogs into a guideline for deploying differential privacy. We encourage you to read the posts and ask questions or provide comments to inform the guideline.
The Party Doesn’t Stop Here
There’s nothing quite like the sight of a one-year-old enjoying birthday cake and making a huge mess in the process. While we hope your use of the framework isn’t quite so messy, we know that managing privacy risk can be challenging. We hope that this year, the Privacy Framework helps you achieve a more systematic approach to managing privacy risk so that you can innovate while maintaining the trust of your customers – something truly worth celebrating!
To receive periodic updates about Privacy Framework efforts, sign up for our mailing list.
