OneTrust

NIST Privacy Framework

May 5, 2020 - California Privacy

In today’s data-driven world, marketers face a unique challenge when it comes to privacy.

There are more innovative products and services than ever before that allow marketers to gather comprehensive and granular
information about consumers. But protecting that same data is a top concern of recent and forthcoming regulation, which
many marketers are acutely aware of after recently completing CCPA compliance.

It’s a fine line to walk for any brand.

To address this conundrum, the National Institute of Standards and Technology (NIST) created its new NIST Privacy
Framework. It was developed in collaboration with stakeholders to be a voluntary tool to improve enterprise risk
management. The goal of the framework is to help organizations processing and handling personal information to be
responsible stewards of that data.

Privacy and Security Go Hand in Hand

The NIST Privacy Framework points to an emerging trend: Privacy and security are overlapping more and more when it comes
to tasks and responsibilities. In fact, the NIST Privacy Framework was created to complement its previously released
counterpart, the NIST Cybersecurity Framework.

These two practice areas must integrate fully in order for companies to successfully implement risk management. In the past,
privacy and security were related, but separate areas of focus. Now, security without a privacy lens placed over it will suffer
strategic gaps.

With this in mind, the NIST Privacy Framework addresses:

How to integrate privacy as you design and deploy new systems, products, and services.

How to communicate about your privacy practices.

How to avoid silos and spur collaboration across teams.

The NIST Privacy Framework is broken down into three parts: Core, Profiles, and Implementation Tiers.
Customize Settings

The Core component covers how organizations need to connect privacy best practices to their missions and goals. The Profiles
section reinforces the roles each member of the organization plays in risk management. And the Implementation
Disable All Tier talks
about privacy protection action items.
Allow All

Maintaining CCPA Compliance

One of the benefits of the NIST Privacy Framework – and a key driver for creating it – was to demonstrate and maintain
compliance with global privacy laws. The two most well known are the EU’s General Data Protection Regulation (GDPR) and the
California Consumer Privacy Act (CCPA).

CCPA compliance is especially top of mind for marketers, as the effectual deadline just passed and the enforcement deadline
is approaching. There are also provisions being added to the law that make one-time CCPA compliance impossible.
By clicking “Allow All”, you agree to the storing of cookies on your device to enhance site navigation, analyze
site usage, and assist in our marketing efforts. Cookie Notice
Privacy - Terms
 Tools such as the NIST Privacy Framework help companies better manage ongoing privacy strategies so they can avoid
OneTrust
potential risks with new laws or changes to existing ones. It helps formalize best practices and strategic processes to
complement technical tools such as privacy management software.

Privacy management software gives companies powerful automation to achieve global privacy compliance. It automates all
CCPA compliance requirements, including the intake and fulfillment of consumer rights requests and further helps with
building your data map and execution of PIAs & DPIAs.

Essentially, privacy management software allows companies to leverage intelligent risk mitigation to discover and address
liabilities faster. In the brave new world of managing risks, you can’t hope to survive – or thrive – without this kind of solution.

The NIST Privacy Framework in Practice

The NIST Privacy Framework emphasizes the fact that the way organizations have to think about privacy has changed forever.
In order to stay on top of a fast-paced regulatory environment, companies must effectively manage their processes and take
advantage of advanced automation.

For practical ways to implement NIST’s new framework into your privacy program, join this IAPP-led webinar. You’ll learn how
your organization can enable better privacy engineering practices in support of privacy-by-design concepts.

If you’re looking for a powerful and easy-to-use privacy management software, OneTrust is purpose-built to solve these
challenges at scale – allowing organizations to simplify their privacy program management. Schedule a demo today to learn
more.

Share this Article

Related Posts

Apple iOS 14.5: How to Data Governance Doesn’t Live The Ultimate Guide to GDPR
Prepare with OneTrust in a Silo Compliance
Yesterday, Apple revealed that iOS 14.5 Privacy, security, and governance teams What is GDPR Compliance? At its core, GDPR
will go into effect on April 26th.  Apple first have different scopes and priorities when it Compliance means an organization that falls
Customize Settings
launched the 14.5 beta to the public earlier comes to handling data. Privacy teams are within the scope of the
this year
Disable All

Allow All

The 7 Principles of Privacy by Real Data Intelligence: A AG Announces Additional

Design balance between seeking data CCPA Regulations
value
By clicking “Allow All”, you agree to the storing of cookies on your deviceand mitigating
to enhance riskanalyze
site navigation,
site usage, and assist in our marketing efforts. Cookie Notice
Privacy - Terms
What is real data intelligence? It spawns
 According to Pew Research Center, 81% of from the idea of data democratization, The California Attorney General
OneTrust
Americans say the risks of data collection by allowing stakeholders from across an (AG) announced the approval of additional
companies outweigh the positives. And 72% organization access to data and removing regulations to the CCPA. These additional
say there’s the regulations ban ‘dark patterns’ that delay

Get Started Products Solutions Customers Company

Request Demo Privacy Program Management Privacy & Compliance Case Studies About Us

Try Free Marketing & Privacy UX Vendor & Third-Party Risk Careers

Pricing Third-Party Risk Management Marketing Operations Resources News

RFP Template Incident & Breach Response Publishers & Advertisers Awards
Blog
View All Products Risk, Compliance & Audit Trust
Integrations Marketplace
Contact Us
  PrivacyConnect Workshops
Services Large Enterprises PrivacyTech User Groups
Small & Mid-Size Companies
Professional Services View All Resources

Training & Certification  

Partners GDPR CCPA LGPD

View All Laws & Frameworks

Get in Touch

[email protected]

+1 (844) 847-7154

[email protected]

myOneTrust Portal

Be in the Know
What's your email address? Subscribe
Subscribe to our newsletter

Privacy Matters Your Privacy

When we collect your personal information,

Customize we always inform you of your
Settings
Our privacy center makes it easy to see how we collect and use your rights and make it easy for you to exercise them. Where possible, we also let
you manage your preferences about how much information you choose to
information. share with us, or our partners.
Disable All

Our Policies Your Rights Allow All

Read our Privacy Notice and Cookie Notice. Exercise Your Rights. Let us know how we can help.

Visit our Trust page and read our Transparency Report. Do Not Sell My Personal Information

© 2021 OneTrust, LLC. All Rights Reserved. Privacy Notice | Cookie Notice | UK Modern Slavery Act Statement

By clicking “Allow All”, you agree to the storing of cookies on your device to enhance site navigation, analyze
site usage, and assist in our marketing efforts. Cookie Notice
Privacy - Terms