NIST Wants Your Feedback on Privacy Guidelines
The General Data Protection Regulation (GDPR) has created very detailed regulations to address data privacy in the EU. If the EU’s data protection regulations do nothing else, they at least highlight the importance of data privacy as other standards and compliance groups jump onboard. The National Institute of Standards and Technology (NIST) is in the process of defining its own guidelines for a voluntary “privacy framework.” NIST guidance is primarily directed towards Federal agencies to help them comply with statutory or Federal policy requirements. This voluntary privacy framework is intended to help organizations of all kinds better manage privacy risks within their diverse environments. According to their website:
The National Institute of Standards and Technology (NIST) is developing a voluntary privacy framework, in collaboration with private and public sector stakeholders, to help organizations with:
- Building customer trust by supporting ethical decision-making in product and service design or deployment that optimizes beneficial uses of data while minimizing adverse consequences for individuals’ privacy and society as a whole;
- Fulfilling current compliance obligations, as well as future-proofing products and services to meet these obligations in a changing technological and policy environment; and
- Facilitating communication about privacy practices with customers, assessors, and regulators.
NIST plans to have version 1 of the framework published by the end of 2019. Organizations are encouraged to review the Preliminary Draft and provide feedback to NIST at [email protected]. To learn more about becoming an early adopter, go to https://www.nist.gov/privacy-framework.
Most consumers don’t realize how much of their personal information is shared online, simply by clicking an ad or reading an article. You might unknowingly share anything from your name and email address to which prescriptions you take and what IP address you log in from. You might think, “Who cares if my email is on someone’s mailing list?” But once your information is out on some list somewhere, it can be shared with spammers and others with ill intent.
But what if your end users are customers who are logging in to your network on their home or work computers and mobile devices? You have no control over their systems, but you can configure your network and their access to prevent unwanted intrusions.
Most of the visitors to this blog are rather tech savvy and quite aware of how data leaks happen. What you want to know is how you can protect your not-so-savvy end users from oversharing.
Of course, education is the best tool you have to help end users help themselves. For example, your security policies need to address things like never sharing logins, closing/clearing browser sessions, and not clicking links in emails from outside the organization. But you can also lock down your network and other systems to prevent end users from doing the things that can cause a data leak. Globalscape’s managed file transfer platform, EFT, can be configured with very strict security settings so that only those who have permission to see data can see it. EFT can make sure that you’re using secure protocols, encrypting file transfers and storage, expiring and resetting passwords, preventing repeated invalid login attempts, and not sending confidential data across your network.
Contact us to learn how Globalscape and EFT can help your company be a privacy protector, instead of an oversharer.