Implementing the NIST Privacy Framework

Explore the fundamentals of implementing the NIST Privacy Framework and managing security risks faced by your organization.

Introduction

• Privacy framework welcome
• What you should know

1. NIST Privacy Framework Preparation

• Privacy framework introduction
• What is privacy?
• Why care about privacy?
• NIST Privacy Framework structure
• Establishing and improving a privacy program
• Privacy vs. security vs. compliance vs. risk
• Leveraging the NIST Privacy Framework for a privacy risk program

2. Identify Function

• Identify-P function
• Data inventory and mapping
• Business environment
• Data processing risk identification

3. Govern Function

• Privacy governance policies and procedures
• Privacy risk management strategy
• Monitoring, review, awareness, and training

4. Control and Communicate Functions

• Data processing policies, processes, and procedures
• Data processing management
• Disassociated processing
• Communicate data processing policies and practices
• Challenge: NIST PRAM worksheets

5. Protect Function

• Data protection and maintenance practices and procedures
• Identity management, authentication, and access control
• Data security
• Protective technology

6. Detect, Respond, and Recover Functions

• Detecting privacy issues
• Response and recovery

7. Privacy Planning

• Privacy Impact Assessments (PIAs)
• Privacy management plans

Conclusion

• Privacy next steps and resources