Harriet Pearson, Paul Otto, Laurie Lai and Julian Flamant of Hogan Lovells write about the recently released discussion draft on NIST’s privacy framework.
…..The draft Privacy Framework describes five core privacy “functions” for organizations to develop and implement that track the life cycle of an organization’s management of privacy risk:
- Identify (organizational understanding of privacy risk);
- Protect (appropriate data processing safeguards);
- Control (data management measures);
- Inform (communication about data processing activities); and
- Respond (privacy breach mitigation and redress).
Two of these core functions (Control, Inform) have no mapping to NIST Cybersecurity Framework core functions, while two of the Cybersecurity Framework’s core functions (Detect, Recover) have no analogue in the Privacy Framework.
Read more on Chronicle of Data Protection.