NIST PRIVACY FRAMEWORK

The NIST Privacy Framework Version 1.0 – Released January 2020

Presented by the National Institute of Standards and Technology

60 minutes

The NIST Privacy Framework Version 1.0 – Released January 2020

As the Internet and associated information technologies drive unprecedented innovation, economic value, and access to social services, the amount of data about individuals that is changing hands is nearly incalculable. Many of these technological advancements are powered by individuals’ data flowing through a complex ecosystem. Finding ways to continue to derive benefits from data while also protecting individuals’ privacy is challenging and not well-suited to one-size-fits-all solutions.

To enable better privacy engineering practices and help organizations protect individuals’ privacy, NIST developed the Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (Privacy Framework) following a transparent, consensus-based process including both private and public stakeholders. The voluntary Privacy Framework is a flexible tool intended to be widely usable by organizations of all sizes and agnostic to any particular technology, sector, law, or jurisdiction.

What makes this course unique?

Recent events have highlighted how organizations seeking to reap the economic and public interest benefits of data processing at scale must consider the implications of such practices on the privacy rights of individuals. The Privacy Framework is a powerful and publicly available resource that can help organizations build customer trust by supporting ethical decision-making in product and service design or deployment that optimizes beneficial uses of data while minimizing adverse consequences for individuals’ privacy and society as a whole.

An attendee will learn:

About the Privacy Framework’s value proposition

The relationship between cybersecurity risk and privacy risk

The relationship between privacy risk and organizational risk

How the Framework facilitates key privacy risk management practices

Details of the Framework’s structure

How the Privacy Framework aligns (and can be used) with the NIST Cybersecurity Framework

About common user stories that have emerged from our stakeholder outreach

How the audience can engage with the Framework and our related workstreams outlined in our roadmap

Presenters

Naomi Lefkovitz

Senior Privacy Policy Advisor, National Institute for Standards and Technology

Naomi Lefkovitz is the Senior Privacy Policy Advisor and Lead for the Privacy Framework in the Information Technology Lab at the National Institute of Standards and Technology, U.S. Department of Commerce. She leads the privacy engineering program, which focuses on developing privacy risk management processes and integrating solutions for protecting individuals’ privacy into information technologies, including digital identity services, IoT, smart cities, big data, mobile, and artificial intelligence.

Fierce Government IT named Ms. Lefkovitz on their 2013 “Fierce15” list of the most forward-thinking people working within government information technology, and she is a 2014 and 2018 Federal 100 Awards winner.

Before joining NIST, she was the Director for Privacy and Civil Liberties in the Cybersecurity Directorate of the National Security Council in the Executive Office of the President. Her portfolio included the National Strategy for Trusted Identities in Cyberspace as well as addressing the privacy and civil liberties impact of the Obama Administration’s cybersecurity initiatives and programs.

Prior to her tenure in the Obama Administration, Ms. Lefkovitz was a senior attorney with the Division of Privacy and Identity Protection at the Federal Trade Commission. Her responsibilities focused primarily on policy matters, including legislation, rulemakings, and business and consumer education in the areas of identity theft, data security and privacy.

At the outset of her career, she was Assistant General Counsel at CD now, Inc., an early online music retailer.

Ms. Lefkovitz holds a B.A. with honors in French Literature from Bryn Mawr College and a J.D. with honors from Temple University School of Law.

Dylan Gilbert

Dylan Gilbert is a Privacy Policy Advisor with the Privacy Engineering Program at the National Institute of Standards and Technology, U.S. Department of Commerce. In this role, he advances the development of privacy engineering and risk management processes with a focus on the Privacy Framework and emerging technologies.

Prior to joining NIST, he was Policy Counsel at Public Knowledge where he led and developed all aspects of the organization’s privacy advocacy. This included engagement with civil society coalitions, federal and state lawmakers, and a broad cross-section of external stakeholders on issues ranging from consumer IoT security to the development of comprehensive federal privacy legislation. He spent the early part of his career as a working musician and freelance writer in his native southern California.

Dylan holds a B.A. in English from the College of William and Mary and a J.D. from the George Washington University Law School.

Moderator

Carlos Solari

Advisory Board Chair at ADCG

Carlos is a VP at SecureG, previously worked as CIO for Mission Secure, Inc. and George W. Bush White House. Prior roles include: IT Executive for FBI, VP for Information Security and Quality Programs at Alcatel Lucent and VP for Information and Cyber Security at CSC (Acquired by HP).

60 minutes