Making privacy an easier conversation

The National Institute of Standards and Technology’s Privacy Framework, a companion to the more mature Cybersecurity Framework, helps organizations move beyond a check-the-box compliance exercise and engineer privacy into their systems in an approach that parallels more familiar enterprise IT security programs.

Already having achieved an estimated 25% penetration only nine months into the program, the Privacy Framework makes it easy to visualize the relationship between what an individual experiences directly from a privacy breach and the impact on the organization responsible, helping enterprises build customer trust and meet their compliance obligations.

One of the surprising benefits, though, has been the way the Privacy Framework encourages communication, NIST Senior Privacy Policy Adviser Naomi Lefkovitz, the Privacy Framework’s point person, said during a recent event showcasing 2020 Federal 100 Award winners.  This is because the framework gives stakeholders a common way to talk about risk, she explained.

From a simple red-yellow-green heatmap creating an ah-ha moment for senior management to a detailed gap analysis, organizations are using NIST’s Privacy Framework to “support their ability to conduct ethical decision making, to find ways to optimize beneficial uses of data while minimizing adverse consequences for individuals privacy,” she said.

Read about all the 2020 Federal 100 winners here.

Editor's note: This piece as changed Oct. 27 to correct Naomi Lefkovitz's name.

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • 2020 Government Innovation Awards
    Government Innovation Awards -

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected