In January 2020, the National Institute for Standards and Technology Privacy Engineering Program published the NIST Privacy Framework. As the framework roadmap stated, “Further development of a knowledgeable and skilled privacy workforce (to include privacy practitioners and other personnel whose duties require an understanding of privacy risks) is necessary to support organizations in better protecting individuals’ privacy while optimizing beneficial uses of data.”
The NIST Privacy Engineering Program has kicked off an effort to develop a privacy workforce taxonomy, aligned with the NIST Privacy Framework and the Workforce Framework for Cybersecurity (NICE Framework) (introduced in July 2020 as Draft NIST Special Publication 800-181, Revision 1) to provide a common language around roles, tasks, knowledge, and skills – and they need your help, NIST said in a release.
Since NIST’s approach to privacy and cybersecurity is to recognize their independence as disciplines as well as their overlap, the end result of both initiatives is intended to be listings of tasks, knowledge, and skills and examples of organizing them into work roles and competencies that organizations can use in a modular fashion to address their workforce needs for privacy and cybersecurity.
NIST is offering a workshop, Help Wanted: Growing a Workforce for Managing Privacy Risk, the International Association of Privacy Professionals (IAPP) will host on September 22-24, 2020. This workshop is free, open to the public, and designed to maximize the opportunity for participation from around the world.
NIST will facilitate working sessions where attendees can share feedback and ideas about what is needed to achieve the Privacy Framework’s outcomes and activities. The working sessions will have limited capacity, so don’t wait to register.
NIST will use feedback from the virtual workshop to inform the development of a draft taxonomy that can include sets of roles, tasks, knowledge, and skills that it will share for review. NIST foresees this process unfolding over the next several months, with the goal of releasing findings in 2021.
Some personnel may not consider themselves as a “privacy professional” but can still play a vital role in mitigating privacy risk in their organizations.
NIST is encouraging participation from a range of professions and is seeking their input: technical, business, policy, human resources, data science, engineering, product design and development — and legal.
Register now for the workshop.
Share your perspective about:
- Challenges, needs, and opportunities for developing a skilled and knowledgeable workforce.
- The work roles, tasks, knowledge, and skills necessary to align with the Privacy Framework.
- Your organizational priorities for workforce resources (e.g., listings of tasks, knowledge, and skills and where those fit in work roles and competencies).
- Other issues that NIST should consider as we develop these resources.
If you haven’t already, join the Privacy Framework mailing list to periodically receive updates from NIST about this effort.
If you are unable to tune in to the virtual workshop, NIST is planning more opportunities in the coming months to support the growth of a workforce better able to produce systems, products, and services that provide benefits while minimizing privacy risk.