This month, the National Institute of Standards and Technology (NIST) drafted a new version of its NIST Privacy Framework (PFW), which was intended to address current privacy risk management needs, maintain alignment with the agency’s recently updated Cybersecurity Framework, and improve usability.
The draft release, “NIST Privacy Framework 1.1 Initial Public Draft,” was broadly intended to aid organizations in managing the privacy risks that could arise from personal data flowing through complex information technology systems. The NIST further noted that the changes made to the PFW were needed due to its relationship with the widely used NIST Cybersecurity framework (CSF), which had received an update in February of last year.
PFW 1.1 Public Draft Core is thus realigned with CSF 2.0 Core in many places. The changes include more focus on the Govern Function, which includes risk management strategy and policies; and Protect Function, the privacy and cybersecurity safeguards. In addition, it updates the PFW to include advances in the use of artificial intelligence (AI) tools such as chatbots. The draft PFW’s Section 1.2.2 outlines the ways that AI and privacy…
