In a blog post for the RSA Conference, IAPP Senior Privacy Fellow Caitlin Fennessy, CIPP/US, wrote that the National Institute of Standards and Technology's recent Privacy Framework draft could "help avoid missed connections in privacy." Fennessy said that NIST views itself as an intermediary that is capable of "creating a new language to foster critical conversations between lawyers, developers, the cybersecurity team and the c-suite to enable true privacy engineering." The Privacy Framework "is organized around the functions an organization must undertake to manage privacy risk, the profile of the organization using it, and a tiered implementation structure," Fennessy wrote. The framework is likely to need further refinements, but Fennessy said it has at least started a conversation that will carry over to NIST's next stakeholder workshop in July.
If you want to comment on this post, you need to login.