NIST Privacy Framework Company Practices Maturity Tiers

Trending News

It’s the Final Countdown – The Final PWFA Regs Are Here

Corporate Transparency Act – Continued Developments

Healthcare Preview for the Week of: April 15, 2024 [Podcast]

SCOTUS Declines to Review New York City’s Rent Stabilization Law

Trending in Telehealth: April 2 – April 8, 2024

New CFIUS Rules to Enhance Enforcement and Investigation Activities

Chanel Seeks Permanent Injunction Against WGACA

EPA Finalizes National Primary Drinking Water Regulation for Certain PFAS

GeTtin' SALTy Episode 26 | Catch-up with Jared Walczak at the Tax Foundation, with a Focus on Property Tax Relief

Safety Perspectives From Region 6: OSHA’s New Walkaround Rule [Podcast]

David A. Zetoony

Email

303.685.7425

Bio and Articles

Does the NIST Privacy Framework Require that Companies Score Themselves?

by: David A. Zetoony of Greenberg Traurig, LLP - Data Privacy Dish

Friday, June 11, 2021

Print Mail Download

i

No. The NIST privacy framework recommends that companies summarize their maturity with respect to each category by using four “Tiers.” The Tiers are intended to describe whether the current practices of the company with respect to the domain are partially in place (Tier 1), risk informed (Tier 2), repeatable (Tier 3), or adaptive (Tier 4). While the NIST privacy framework contemplates that a maturity assignment using the tiering system will help a company “communicate internally about resource allocations necessary to progress to a higher Tier or as general benchmarks to gauge progress in its capability to manage privacy risks,” the privacy framework does not mandate that companies assign a tier to each subcategory, nor does the privacy framework mandate that companies achieve a certain tier level.[1] The net result is that the tiers are designed to be a tool to help companies conceptualize their maturity in relationship to specific privacy issues.

[1] NIST, NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management, Version 1.0 at 9 (Jan. 16, 2020).

Current Legal Analysis

Regulatory Update and Recent SEC Actions April 2024

by: Thomas R. Westle

Justice Department has Opportunity to Revolutionize its Enforcement Efforts with Whistleblower Program

by: Stephen M. Kohn

PTO Cash-Outs and Constructive Receipt

by: Al Ward , Kirsten L. Vignec

Business Taxation of Hedging Transactions Part III: Identification Requirements and Aggregate Hedging

by: Andie Kramer

Misapplication of Complete Auto

by: Nicole L. Johnson

More from Greenberg Traurig, LLP

Treasury Department Announces Proposed Regulatory Updates to CFIUS Enforcement Mechanisms and Civil Penalties

by: Kara M. Bombach , Cyril T. Brennan

Failure to Produce Privilege Log

by: Kathryn C. Cole

Court Considers Recusal Standards in CFPB 5th Circuit Suit Over Credit Card Late Fees

by: Tonya M. Esposito , Shirin Afsous

GTDRIVES: Dynamic Dialogues | Maternal Health Disparities [Podcast]

by: Akiesha Gilcrist Sainvil

Tax Court Rejects Constitutional Challenges to International Information Return Penalties

by: Barbara T. Kaplan , Scott E. Fink

Supreme Court Finds FAA ‘Transportation Worker’ Exemption Does Not Require Employment in Transportation Industry

by: Nicholas D. SanFilippo , Shirin Afsous

USCIS Announces Information on EB-5 Regional Center Audits

by: Miriam C. Thompson

Effective June 12, California Issues Final Regulations for Charitable Fundraising Platforms Registration Duty for Cause-Marketing Programs

by: Ed Chansky , Erica L. Okerberg

Texas House Speaker Creates Select Committee on AI and Emerging Technologies

by: Elizabeth Hadley

Re-Parole Process Available for Ukrainian Citizens Effective February 2024

by: Anna Reiff ‡

Upcoming Legal Education Events

Jun

4

2024

FinTech and Securities Trading Platforms

May

15

2024

Capital Connect: Finance & Funding in Life Sciences

May

14

2024

Harmonizing TSCA Consent Orders with OSHA HCS 2012

May

7

2024

FinTech and Employment Law

Print