Kuma’s Jenn Behrens was a panelist at the September 24, 2018, NIST Privacy Framework forum where privacy experts came together to talk about why risk matters for privacy and why the project is important to inform privacy risk management, support innovation, and meet customer needs.
Jenn also participated at the NIST Privacy Framework kick-off, a workshop held last week in Austin, Texas. This time, the discussion was about what industry and government stakeholders need from the framework and how to bring those needs together for the best possible outcomes.
What is the NIST Privacy Framework project?
The National Institute of Standards and Technology (NIST) is spearheading the privacy framework initiative to help agencies and organizations fill in gaps when it comes to implementation of data privacy protections. While there is a need for a set of privacy recommendations, there is no one size fits all solution. NIST intends for the framework to offer a comprehensive set of outcomes that organizations can align with the kinds of use cases that matter to their business needs. The privacy framework will be voluntary, understandable, and implementable from C-Suites to IT experts to privacy advocates.
A deceptively simple goal
At its most basic level, a privacy framework has a simple goal: better privacy based on addressing risks in a way that supports continued innovation. Easier said than done, critical conversations in recent weeks spotlighted the current privacy landscape. Many organizations are already tackling privacy without a framework. Most know that meeting basic compliance requirements cannot effectively provide the full range of needed protections and support their overall business goals. Many organizations don’t have a clear plan, and most aren’t sure where to start.
Although panelists covered a wide range of topics, a few key areas that the privacy framework would powerfully support include enabling innovation and the adoption of privacy programs and infrastructure that go beyond compliance.
Enabling innovation
One of the big questions is how organizations move toward the use of data for emerging technologies such as the Internet of Things, artificial intelligence, and quantum computing without jeopardizing privacy and security. There is a delicate balance between providing clear societal benefits from the Internet and emerging technologies while simultaneously protecting privacy. Having a voluntary, flexible, interoperable framework and data governance will guide and teach organizations how to handle data, use it productively for the benefit of consumers and society.
Privacy programs and infrastructure that go beyond compliance
Organizations are beginning to look beyond a compliance-based privacy effort. They are becoming innovative and proactive, seeking how to manage risk from an operational perspective. They are adopting privacy engineering tactics to bring together privacy and technology stacks and translate that process between the C suite and the Geek suite. Increasingly, engineers and back-end developers are articulating privacy in their controls and carrying this work to the policy and macro levels. As organizations begin to understand how to control for the risk, they can create budgets and resource allocations to put privacy teams in place to carry forward the cause. The NIST privacy framework will be crucial to promoting a risk-based approach that can be adopted by industry and articulate real privacy controls and inform how organizations manage risk in technology and workforce.
The Kuma difference
Kuma is no stranger to the NIST Privacy Framework conversation. Invited to participate based on experience, Kuma has been enabling innovation and maturing privacy programs for industry and government clients for some time. Kuma offers a privacy engineering methodology that puts your organization ahead of industry changes. Our goal is to ensure you have access to senior level resources and that you have a remarkable experience through each stage of maturing your privacy program. With Kuma’s forward-thinking approach, Kuma’s clients are making significant changes. Learn more about Kuma’s privacy engineering approach and how they helped the County of Santa Clara mature their privacy program.
Request a consultation with Kuma today to experience the difference a powerful, fully integrated privacy program can make to your organization.