Data protection and privacy scenarios
1. Data protection and privacy scenarios
In this video, we’re going to focus on a specific framework developed by the National Institute of Standards and Technology, or NIST, using a practical workplace scenario. It’s important to call out our discussion in this course should not be considered legal advice. First, it's important to know that the NIST Privacy Framework was developed to help improve privacy risk management for an organization's data. It is an international framework that strives to create a common language for international cooperation on privacy. The NIST Privacy Framework has three parts: core, profiles, and implementation tiers. First, the core is a set of privacy protection activities and desired outcomes that allows for communicating prioritized privacy protection activities and outcomes across the organization. Second, when using the framework, an organization has to develop one or more profiles for the privacy outcomes it wants to achieve. Profiles represent the privacy outcomes the organization aims to achieve. To develop a profile, an organization will review the functions, categories, and subcategories of the framework, and decide which functions are the most important to focus on. This will help them achieve their desired privacy outcomes based on business needs. And third, implementation tiers provide context on how an organization views privacy risk and indicates if the organization has adequate processes and resources in place to manage that risk. Now that you know the tiers of the framework, let's examine a workplace scenario that demonstrates why the NIST framework is an essential tool. In this scenario, a large retail organization is in the early stages of developing an application for their home appliances. They want to create an application that will allow consumers to register their devices for warranties and updates, access information about their usage history, and enable universal remote control use for multiple products. The organization requires stakeholder approvals before a product can be released to consumers. Plus, the organization must comply with domestic and international privacy laws and regulations. To help keep their information secure, the organization implements the NIST framework to develop their application. Security frameworks are also useful tools that can help organizations meet their privacy obligations with the right selection of security controls and data protection practices. The organization requires stakeholder approvals before a product can be released to consumers. Plus, the organization must comply with domestic and international privacy laws and regulations. To help keep their information secure, the organization implements the NIST framework to develop their application. Security frameworks are also useful tools that can help organizations meet their privacy obligations with the right selection of security controls and data protection practices. Since security frameworks might have different guidelines for what is considered a risk and how to manage it, your organization might use multiple guidelines and frameworks simultaneously to keep all their data secure. For example, there are overlaps in cybersecurity and privacy risks. Cybersecurity risks arise from unauthorized activity related to the loss of confidentiality, integrity, or availability of a system or information asset. The NIST cybersecurity framework is a tool that a cloud surety team can use for data protection. On the other hand, privacy risks arise from authorized activity. For example, a food delivery app may be gathering too much data on its users, which can present a privacy issue. A security team can use the NIST Cybersecurity Framework and the Privacy Framework together as a tool to achieve data security. They work together because the privacy framework allows the security team to ask questions about the purposes for data collection and the appropriate retention of the data. The security framework then helps pick the right controls for the protection of the data that the app collects and retains. Now that you know more about how to apply the NIST framework, you can start learning about different frameworks and practice applying them to different scenarios.2. Let's practice!
Create Your Free Account
or
By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.