
NIST Privacy Framework – GOVERN-P (GV-P) – Monitoring and Review (GV.MT-P)

Control(s)

Category

Monitoring and Review (GV.MT-P): The policies, processes, and procedures for ongoing review of the organization’s privacy posture are understood and inform the management of privacy risk.

Subcategory

  • GV.MT-P1: Privacy risk is re-evaluated on an ongoing basis and as key factors, including the organization’s business environment (e.g., introduction of new technologies), governance (e.g., legal obligations, risk tolerance), data processing, and systems/products/services change.
  • GV.MT-P2: Privacy values, policies, and training are reviewed and any updates are communicated.
  • GV.MT-P3: Policies, processes, and procedures for assessing compliance with legal requirements and privacy policies are established and in place.
  • GV.MT-P4: Policies, processes, and procedures for communicating progress on managing privacy risks are established and in place.
  • GV.MT-P5: Policies, processes, and procedures are established and in place to receive, analyze, and respond to problematic data actions disclosed to the organization from internal and external sources (e.g., internal discovery, privacy researchers, professional events).
  • GV.MT-P6: Policies, processes, and procedures incorporate lessons learned from problematic data actions.
  • GV.MT-P7: Policies, processes, and procedures for receiving, tracking, and responding to complaints, concerns, and questions from individuals about organizational privacy practices are established and in place.

 

Function

  • GOVERN-P (GV-P)

 


What is the NIST Privacy Framework

The NIST Privacy Framework is a voluntary tool for improving privacy through Enterprise Risk Management, to enable better privacy engineering practices that support privacy by design concepts and help organizations protect individuals’ privacy. The Privacy Framework can support organizations in:

  • Building customers’ trust by supporting ethical decision-making in product and service design or deployment that optimizes beneficial uses of data while minimizing adverse consequences for individuals’ privacy and society as a whole;
  • Fulfilling current compliance obligations, as well as future-proofing products and services to meet these obligations in a changing technological and policy environment; and
  • Facilitating communication about privacy practices with individuals, business partners, assessors, and regulators.

Source: https://www.nist.gov/privacy-framework/privacy-framework

Note: NIST and related copyright and trademarks belong to their respective owner(s). This guide is for educational purposes only.

Updated on September 24, 2022