echo August 14, 2020 4:37 PM

Midday Keynote Presentation: NIST Privacy Framework Version 1.0
Dylan Gilbert, National Institute of Standards and Technology (NIST), Gaithersburg, Maryland

As the Internet and associated information technologies drive unprecedented innovation, economic value, and access to social services, the amount of data about individuals that is changing hands is nearly incalculable. Many of these technological advancements are powered by individuals’ data flowing through a complex ecosystem. Finding ways to continue to derive benefits from data while also protecting individuals’ privacy is challenging and not well-suited to one-size-fits-all solutions.

To enable better privacy engineering practices and help organizations protect individuals’ privacy, NIST developed the Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (Privacy Framework) following a transparent, consensus-based process including both private and public stakeholders. The voluntary Privacy Framework is a flexible tool intended to be widely usable by organizations of all sizes and agnostic to any particular technology, sector, law, or jurisdiction.

In a nutshell what he is discussing is effectively an organisational approach stuck in permanent inadequacy and negligence. This is a pattern for never ending litigation. A risk versus precuationary approach, and a mandatory human rights framework versus voluntary are pretty much known knowns. I think this is one reason why the US will never be a solution to security concerns and it requires a more European approach.


How Do You Put A System Of Controls In Place When Your Target Keeps Moving?

Shoot them or step on their air pipe.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.