Control(s)
Category
Data Processing Awareness (CM.AW-P): Individuals and organizations have reliable knowledge about data processing practices and associated privacy risks, and effective mechanisms are used and maintained to increase predictability consistent with the organization’s risk strategy to protect individuals’ privacy.
Subcategory
- CM.AW-P1: Mechanisms (e.g., notices, internal or public reports) for communicating data processing purposes, practices, associated privacy risks, and options for enabling individuals’ data processing preferences and requests are established and in place.
- CM.AW-P2: Mechanisms for obtaining feedback from individuals (e.g., surveys or focus groups) about data processing and associated privacy risks are established and in place.
- CM.AW-P3: System/product/service design enables data processing visibility.
- CM.AW-P4: Records of data disclosures and sharing are maintained and can be accessed for review or transmission/disclosure.
- CM.AW-P5: Data corrections or deletions can be communicated to individuals or organizations (e.g., data sources) in the data processing ecosystem.
- CM.AW-P6: Data provenance and lineage are maintained and can be accessed for review or transmission/disclosure.
- CM.AW-P7: Impacted individuals and organizations are notified about a privacy breach or event.
- CM.AW-P8: Individuals are provided with mitigation mechanisms (e.g., credit monitoring, consent withdrawal, data alteration or deletion) to address impacts of problematic data actions.
Function
- COMMUNICATE-P (CM-P)
What is the NIST Privacy Framework
The NIST Privacy Framework is a voluntary tool for improving privacy through Enterprise Risk Management, to enable better privacy engineering practices that support privacy by design concepts and help organizations protect individuals’ privacy. The Privacy Framework can support organizations in:
- Building customers’ trust by supporting ethical decision-making in product and service design or deployment that optimizes beneficial uses of data while minimizing adverse consequences for individuals’ privacy and society as a whole;
- Fulfilling current compliance obligations, as well as future-proofing products and services to meet these obligations in a changing technological and policy environment; and
- Facilitating communication about privacy practices with individuals, business partners, assessors, and regulators.
Source: https://www.nist.gov/privacy-framework/privacy-framework
Note: NIST and related copyright and trademarks belong to their respective owner(s). This guide is for educational purposes only.