HB Ad Slot
HB Mobile Ad Slot
What Is a Profile in The Context of The NIST Privacy Framework?
Friday, June 4, 2021

The NIST privacy framework refers to the term “current profile” to describe the current state of a company’s privacy program in relation to a specific Subcategory. So, for example, a company might include the following description in its current profile for the following subcategory:

Subcategory Current Profile
ID.IM-P1: Systems/products/services that process data are inventoried. The company maintains a data inventory policy which requires that a data inventory be conducted every 12 months that identifies each system, product, and services that processes personal information. For systems, products, and services that have already been identified, the responsible employee for that system, product, or service is asked to verify the accuracy of the description that is contained within the inventory.

The NIST privacy framework refers to the term “target profile” to describe the state that the company desires – but has not yet achieved – for its privacy program in the future. So, for example, a company might include the following description in the same subcategories target profile:

Subcategory Target Profile
ID.IM-P1: Systems/products/services that process data are inventoried. The company maintains a data inventory policy which requires that a data inventory be conducted every 12 months that identifies each system, product, and services that processes personal information. For systems, products, and services that have already been identified, the responsible employee for that system, product, or service is asked to verify the accuracy of the description that is contained within the inventory. The company’s data inventory is electronically hosted online and maintains an audit trail of each responsible system owner that has reviewed a system’s description. The inventory automatically identifies when a system has not been reviewed and validated for accuracy within 12 months and triggers a reminder for the system owner to log into the inventory, review the system description, and modify the description as needed for accuracy.

 

How many core categories are included in the NIST privacy framework?

The NIST privacy framework refers to the term “core” to describe a set of privacy activities and outcomes. The core is composed of three nested levels: Function, Category, and Subcategory.  Categories are intended to be subdivisions of the Functions, and groupings of the Subcategories. In total, the NIST privacy framework contains 18 Categories

How many core subcategories are included in the NIST privacy framework?

The NIST privacy framework refers to the term “core” to describe a set of privacy activities and outcomes. The core is composed of three nested levels: Function, Category, and Subcategory. Subcategory is the most granular, and tangible, aspect of the core. In total, the NIST privacy framework proposes 100 Subcategories.  It should be noted, however, that the Subcategories included within the NIST privacy framework are not intended to be exhaustive, and companies may alter the subcategories (as well as the functions and the categories) by tailoring the proposed Subcategories or adding additional Subcategories that align with a company’s privacy program.

HTML Embed Code
HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins