Governance & Risk Management , NIST Standards , Privacy

NIST Privacy Framework: The Implementation Challenges

NIST's Naomi Lefkovitz on How to Put the New Framework to Use
NIST Privacy Framework: The Implementation Challenges

Although the National Institute of Standards and Technology's new privacy framework, which was released Jan. 16, is agnostic toward any particular privacy law, "it gives organizations building blocks to help them meet any obligations under any particular law or jurisdiction that they're subject to," says Naomi Lefkovitz, a senior privacy policy adviser and program manager for privacy engineering at NIST.

"For example, you might have an obligation under GDPR [EU's General Data Protection Regulation] to accept data deletion requests from individuals. The framework is not a prescriptive requirement-based approach, but rather you have to think through the kind of policies and technical capabilities that you might need," Lefkovitz explains in an interview with Information Security Media Group.

"One of the activities or outcomes that we have is data can be accessed for deletion because if you don't have the capability to actually go in, find and extract data in your systems, then meeting a legal obligation is just going to be aspirational," she says.

In this interview (see audio link below image), Lefkovitz also discusses:

  • Challenges firms are facing in adopting the framework;
  • Why NIST is considering additional guidance for small business;
  • Whether the NIST framework represents an industry standard;
  • Whether the framework addresses privacy issues with regards to biometrics;

Lefkovitz is senior privacy policy adviser and program manager for privacy engineering at NIST. Previously, she worked in the Obama White House as director for privacy and civil liberties in the cybersecurity directorate of the National Security Council. Earlier, she served as a senior attorney with the division of privacy and identity protection at the Federal Trade Commission.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.