TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

The Privacy Advisor | NIST Privacy Workforce Public Working Group helps craft TKS statements for Privacy Framework Related reading: The FTC’s privacy rulemaking: Risks and opportunities



Editor's Note:

This article has been updated to clarify that the Privacy Workforce Public Working Group, while aligned with the Framework Core, will not revise the Framework itself.

In the modern history of the privacy profession, the one constant dynamic has been the rapid development of new technologies that has reflexively created an industry that is in a perpetual state of innovation and growth. This growth has brought benefits to organizations and their customers, but has also presented challenges. Among those challenges, growing a skilled and knowledgeable privacy workforce has been a top priority. The National Institute of Standards and Technology is helping to address this issue with a Privacy Workforce Public Working Group, which launched in April 2021.

“Workforce development is a key stakeholder challenge,” NIST Privacy Policy Advisor Dylan Gilbert said. “As we looked to create descriptions of essential privacy tasks, knowledge and skills to help meet this challenge, the public Working Group idea presented itself as the best option to leverage the entire privacy community to lend their knowledge and experience to this process.”

The Privacy Workforce Public Working Group features approximately 750 privacy experts from across the commercial and public sectors, civil society and academia, he said. The group, which is co-chaired by Esperion Therapeutics Director of Information Security and Privacy Mary Chaney, CIPP/US, Discernable founder and CEO Melanie Ensign, IAPP President and CEO Trevor Hughes, CIPP, along with Gilbert, has been divided into multiple project teams. 

Each project team is responsible for creating task, knowledge and skill statements related to their specific categories within the NIST Privacy Framework. The ongoing project teams are tackling policies, processes and procedures and risk strategy development for the data processing ecosystem, and business environments.

“The goal here is to align tasks, knowledge and skills with the privacy risk management outcomes and activities in the Privacy Framework Core,” Gilbert said. “For the Privacy Workforce Public Working Group, they’re working to answer the ‘How’ question: How does my organization achieve the risk management outcomes it has prioritized? And when the work is done, we’ll have identified and documented the tasks, knowledge and skills required to achieve those outcomes.”

Gilbert said one of his main hopes to come out of the PWWG development process is the creation of a universal set baseline of knowledge and skills to bolster privacy risk management well into the future. He said the Privacy Framework is not just about ensuring there will be an adequate workforce to meet the compliance challenges for the evolving privacy regulatory ecosystem, but developing more universal understanding of privacy among professionals.

“Certainly, addressing compliance is going to be at the top of the mind for both organizations and privacy professions, but when we talk about workforce at NIST, it goes beyond compliance, it’s about effective risk management,” Gilbert said. “The PWPWG is helping to create a common understanding around privacy in the workplace and to facilitate the interdisciplinary coordination and collaboration needed for privacy risk management practices.”

There is still time for privacy professionals to participate in the PWPWG’s work, Gilbert said. Professionals with technical expertise are encouraged to join since the categories for system capabilities will be worked on next. On the Privacy Framework’s NIST webpage, it lists the active project team and how to subscribe to their email lists, which include links to participate in meetings.

“The PWWG is an ongoing process,” Gilbert said. “I strongly encourage any privacy professional to join our group and lend their expertise because this field offers a rapidly changing legal landscape and innovations in data processing. It’s a one-of-a-kind opportunity to shape the future of our profession.”

Credits: 1

Submit for CPEs


If you want to comment on this post, you need to login.

  • comment R. Jason Cronk • Aug 31, 2022
    Alex, the title is slightly misleading. PWWG is not working on the next version of the NIST PF. They are augmenting it with TKS statements so organization can better understand the tasks, skills and statements associated with the PF Core.   Also, though called the Privacy Workforce Public Working Group, NIST is using the initialism of PWWG. See the front page at  
    "The Privacy Workforce Public Working Group (PWWG) provides a forum ...."
  • comment Alex LaCasse • Sep 1, 2022
    Hi Jason, thank you for the feedback. We've adjusted the headline.
  • comment Jeanne Swidorski • Apr 10, 2023
    Hello - I am wondering if I can join this group?  I work as a Privacy Compliance Director in the financial industry and am working on this for my enterprise.