1. Home
  2. Frameworks and Standards
  3. NIST Privacy Framework
  4. NIST Privacy Framework – CONTROL-P (CT-P) – Data Processing Management (CT.DM-P)
Searching...

NIST Privacy Framework – CONTROL-P (CT-P) – Data Processing Management (CT.DM-P)

Control(s)

Category

Data Processing Management (CT.DM-P): Data are managed consistent with the organization’s risk strategy to protect individuals’ privacy, increase manageability, and enable the implementation of privacy principles (e.g., individual participation, data quality, data minimization).

Subcategory

  • CT.DM-P1: Data elements can be accessed for review.
  • CT.DM-P2: Data elements can be accessed for transmission or disclosure.
  • CT.DM-P3: Data elements can be accessed for alteration.
  • CT.DM-P4: Data elements can be accessed for deletion.
  • CT.DM-P5: Data are destroyed according to policy.
  • CT.DM-P6: Data are transmitted using standardized formats.
  • CT.DM-P7: Mechanisms for transmitting processing permissions and related data values with data elements are established and in place.
  • CT.DM-P8: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy and incorporating the principle of data minimization.
  • CT.DM-P9: Technical measures implemented to manage data processing are tested and assessed.
  • CT.DM-P10: Stakeholder privacy preferences are included in algorithmic design objectives and outputs are evaluated against these preferences.

 

Function

  • CONTROL-P (CT-P)

 

What is the NIST Privacy Framework

The NIST Privacy Framework is a voluntary  tool for improving privacy through Enterprise Risk Management, to enable better privacy engineering practices that support privacy by design concepts and
help organizations protect individuals’ privacy. The Privacy Framework can support organizations in:

  • Building customers’ trust by supporting ethical decision-making in product and service design or
    deployment that optimizes beneficial uses of data while minimizing adverse consequences for
    individuals’ privacy and society as a whole;1
  • Fulfilling current compliance obligations, as well as future-proofing products and services to
    meet these obligations in a changing technological and policy environment; and
  • Facilitating communication about privacy practices with individuals, business partners,
    assessors, and regulators.

Source: https://www.nist.gov/privacy-framework/privacy-framework

Note: NIST and related copyright and trademarks belong to their respective owner(s). This guide is for educational purposes only.

Updated on September 24, 2022
Was this article helpful?
Yes No

Related Articles