A privacy framework is critical for the effective development and ongoing management of your privacy program. You could adopt an “appropriate” privacy framework or appropriate elements from a combination of privacy frameworks. Your environment will dictate the approach that you may take.
Here is a list and brief description of some established privacy frameworks:
- The AICPA privacy framework is a tool for organizations that allows them to build a foundation for their privacy program and is an update to the Generally Accepted Privacy Principles (GAPP). AICPA looks at an organization’s activities relating to the collection, creation, storage, and transmission of personal data.
For the AICPA privacy framework, see link:
https://www.incpas.org/docs/default-source/blog-article/privacy-management-framework.pdf
For the AICPA Generally Accepted Privacy Principles (GAPP), see link:
https://iapp.org/media/presentations/11Summit/DeathofSASHO2.pdf
- The NIST privacy framework is a voluntary and free resource that assists organisations in integrating privacy practices with their cybersecurity elements. Organisations can take on the aspects that apply to them rather than adopting the entire framework.
For the NIST privacy framework, see link:
https://www.nist.gov/privacy-framework
- ISO/IEC 27701:2019 specifies how to create, implement, maintain, and improve the organization’s personal information management system (PIMS).
Documentation of this framework can be purchased from the ISO at link:
https://www.iso.org/standard/71670.html
- BS 10012 is another framework for a Personal Information Management System (PIMS).
Documentation of this framework can be found at link:
https://www.bsigroup.com/en-GB/BS-10012-Personal-information-management/