The National Institute of Standards and Technology’s new draft Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management highlights three factors to help firms manage privacy and cyber-risk: the core—five functions that act as a checklist for activities and outcomes; profiles—a selection of categories and functions for prioritization; and implementation—four tiers to assess the availability and adaptability of company resources.
