The NIST privacy framework refers to the term “core” to describe a set of privacy activities and outcomes. The core is composed of three nested levels: Function, Category, and Subcategory. The core “Function” is the broadest category level and consists of five recommended Functions: Identify, Govern, Control, Communicate, and Protect.
The NIST privacy framework refers to the term “core” to describe a set of privacy activities and outcomes. The core is composed of three nested levels: Function, Category, and Subcategory. So, for example, the concept that a data subject should have the right to access their personal information is found within NIST under the Core
On May 12, 2021, President Biden issued an executive order entitled Improving the Nation’s Cybersecurity (EO). The EO was released only days after the cyberattack impacting Colonial Pipeline, and several months following discovery of the penetration of various federal agencies as a result of the Solar Winds cyber breach by Russian hackers in 2019. The
In 2020, the National Institute of Standards and Technology, a part of the United States Department of Commerce, developed a privacy framework that was intended to help organizations identify and manage privacy risks. Like the ISO 29100 privacy framework that predated it, the NIST privacy framework is designed to provide common terminology to communicate privacy-related
Unlike other privacy frameworks that recommend that companies be scored or self-score using a maturity model (e.g., a score from one to four), the ISO 27701 privacy framework (much like its predecessor ISO 29100) does not identify a specific methodology for assessing compliance or maturity.
The ISO 29100 privacy framework sets forth the following 11 core principles:
The ISO 27701 privacy framework is not explicitly organized using the
While theoretically an organization could adopt ISO 27701 as a separate standalone framework to apply to the organization’s privacy program, the framework was conceptualized as an extension of the ISO data security standards – i.e., a company would ideally be certified in both data security and data privacy. As a result, it is organized based
Greenberg Traurig is a sponsor of the 19th Annual Rocky Mountain Intellectual Property & Technology Law Institute, taking place virtually June 3-4, 2021. The event will feature industry experts providing updates on IP fundamentals including patent law, PTAB, trademark/TTAB, copyright, licensing, trade secrets, data privacy and security, and internet litigation.
On Thursday, June 3, GT
GT is a sponsor of the Privacy + Security Forum Spring Academy taking place virtually May 24-26, 2021. The conference will break down the silos of privacy and security and bring together seasoned thought leaders hosting virtual sessions and workshops designed to deliver practical takeaways for conference participants. On Tuesday, May 25 from 2:00 –
On Thursday, May 20 at 8:00 a.m. PST (11:00 a.m. EST), Gretchen Ramos, global co-chair of Greenberg Traurig’s Data, Privacy & Cybersecurity Practice, will be a panelist at the Global Privacy Summit Online 2021 Expert Bar session, titled “CCPA, CPRA & CDPA: Implementation Tips & Tricks.” The session will provide practical considerations for passed