Control(s)
Category
Risk Assessment (ID.RA-P): The organization understands the privacy risks to individuals and how such privacy risks may create follow-on impacts on organizational operations, including mission, functions, other risk management priorities (e.g., compliance, financial), reputation, workforce, and culture.
Subcategory
- ID.RA-P1: Contextual factors related to the systems/products/services and the data actions are identified (e.g., individuals’ demographics and privacy interests or perceptions, data sensitivity and/or types, and visibility of data processing to individuals and third parties).
- ID.RA-P2: Data analytic inputs and outputs are identified and evaluated for bias.
- ID.RA-P3: Potential problematic data actions and associated problems are identified.
- ID.RA-P4: Problematic data actions, likelihoods, and impacts are used to determine and prioritize risk.
- ID.RA-P5: Risk responses are identified, prioritized, and implemented.
Function
- IDENTIFY-P (ID-P)
What is the NIST Privacy Framework
The NIST Privacy Framework is a voluntary tool for improving privacy through Enterprise Risk Management, to enable better privacy engineering practices that support privacy by design concepts and
help organizations protect individuals’ privacy. The Privacy Framework can support organizations in:
- Building customers’ trust by supporting ethical decision-making in product and service design or
deployment that optimizes beneficial uses of data while minimizing adverse consequences for
individuals’ privacy and society as a whole;1 - Fulfilling current compliance obligations, as well as future-proofing products and services to
meet these obligations in a changing technological and policy environment; and - Facilitating communication about privacy practices with individuals, business partners,
assessors, and regulators.
Source: https://www.nist.gov/privacy-framework/privacy-framework
Note: NIST and related copyright and trademarks belong to their respective owner(s). This guide is for educational purposes only.