Published: October 2020Click To View (PDF)

In January 2020, the U.S. National Institute of Standards and Technology released the Privacy Framework Version 1.0. The framework contains a “Core” set of “Functions” with detailed privacy protection activities and outcomes, around which organizations can build an enterprise-wide privacy program. Recognizing that privacy is contextual, NIST deferred to organizations to determine which activities are critical to their operations and who within their organizations should be responsible for each outcome. At the same time, NIST acknowledged that privacy risk management is a cross-disciplinary function that requires support and engagement from stakeholders across an organization and designed the framework to bring those stakeholders together around a common set of goals. More recently, NIST launched a follow-on initiative to develop a privacy workforce taxonomy that will assist organizations in understanding the roles, skill sets and training needed to implement the tasks outlined in the Privacy Framework.

To support this initiative and in line with IAPP’s mission to define, promote and improve the privacy profession globally, the IAPP’s Westin Research Center is working to map the jobs of privacy professionals across disciplines, their educational needs, and how they diverge and intersect. As part of that effort and to offer insight into the skill set technologists need to implement a privacy risk management framework, the IAPP mapped the Privacy Framework’s Core to the Body of Knowledge for a Certified Information Privacy Technologist. This builds on earlier work to map the framework’s Core to the Body of a Knowledge for a Certified Information Privacy Manager.