The NIST Privacy Framework discussion draft has been published. This document incorporates the outlines and stakeholder input received to date.
The "Drafting the NIST Privacy Framework: Workshop #2" event will be held on May 13-14, 2019, at the Georgia Tech Scheller College of Business in Atlanta, Georgia. Feedback is also welcome via email at email@example.com (which will not be posted online). The page at https://www.nist.gov/privacy-framework/working-drafts explains the documents and process to date.
Sections 1.1-1.2.2 of the discussion draft discuss the Privacy Framework, Privacy Risk Management, and the Relationship between Privacy Risk Management and Risk Assessment.
Section 1.3, Document Overview, lists the sections that follow:
Section 2.0 describes the Privacy Framework components: the Core, the Profiles, and the Implementation Tiers.
Section 3.0 presents examples of how the Privacy Framework can be used.
Appendix A: Privacy Framework Core presents the Core: a table of functions, categories, and subcategories that describe specific privacy activities that can support managing privacy risks when systems, products, and services are processing data or interacting with individuals.
Appendix B contains a glossary of selected terms.
Appendix C lists acronyms used in this document.
Appendix D considers key practices that contribute to successful privacy risk management.
Appendix E defines the Implementation Tiers.
Appendix F provides a placeholder for a companion roadmap covering NIST’s next steps and identifying key areas where the relevant practices are not well enough understood to enable organizations to achieve a privacy outcome.
To learn more about the process, see https://www.nist.gov/privacy-framework. Subscription to the mailing list for this effort is also available through Google Groups.