Home / News / Naomi Lefkovitz on Five Functions of NIST’s Privacy Framework

Naomi Lefkovitz on Five Functions of NIST’s Privacy Framework

Naomi Lefkovitz, senior privacy policy adviser at the National Institute of Standards and Technology, offered updates on a proposed framework to help organizations address issues related to data privacy at RSA Conference 2019, Threatpost reported Thursday.

Lefkovitz told the audience that privacy should be considered as part of organizations’ “broader enterprise risk management activity.” She explained the Privacy Framework’s identify, protect, control, inform and respond functions. When it comes to protection, she discussed an overlap with data security and that NIST considers including privacy engineering, information lifecycle and cryptographic techniques in the protection concept. 

“We are trying to provide concepts to act as a foundation for more clearly defined relationships between privacy and security,” Lefkovitz said. “Privacy risk is more than data risk – companies also process data, over the entire lifecycle, from collection through disposal. And they need to process that data to achieve business or data objectives – but there can be unintended consequences and privacy issues can arise for individuals.” 

Kevin Stine, chief of NIST’s applied cybersecurity division, joined Lefkovitz to discuss the Privacy Framework, which is expected to be completed by October. The report said NIST is looking for comments on the framework and will host a live webinar on March 14 and a workshop in May.

Check Also

Bryan Ware to Focus on CISA Modernization, Data Mgmt

Bryan Ware, the Cybersecurity and Infrastructure Security Agency's new assistant director for cybersecurity, said he will focus on the modernization of CISA's infrastructure, Fifth Domain reported Tuesday. The effort will largely involve updates across the agency's artificial intelligence technologies and data management tools, Ware said at FedScoop’s Data Cloud Summit.