Cybersecurity and privacy are closely related. Since cybersecurity programs often collect, process, maintain, and use personal information, personal privacy issues must be carefully considered. Great care must be taken to avoid collecting too much personal information or being too invasive, disclosing this information unintentionally or involuntarily, or retaining it indefinitely or without authorization.

Your Cybersecurity Program should comply with the following NIST Privacy Principles:

• Minimize the amount of personal information used to manage your cybersecurity incidents.
• Minimize the amount of personal information collected whenever cybersecurity incidents occur.
• Minimize the amount of personal information disclosed whenever cybersecurity incidents occur.
• Minimize the amount of personal information retained whenever cybersecurity incidents occur.
• Respect the personal data-use limits imposed by stakeholders not involved in cybersecurity.
• Consider what kind of personal information may be used to manage cybersecurity incidents.
• Consider what kind of personal information may be collected whenever cybersecurity incidents occur.
• Consider what kind of personal information may be disclosed whenever cybersecurity incidents occur.
• Consider what kind of personal information may be retained whenever cybersecurity incidents occur.
• Ask for consent whenever personal information is used to manage cybersecurity incidents.
• Provide appropriate remedies for those who experience adverse impacts and seek redress.
• Be open, honest, and transparent about your organization’s cybersecurity activities and incidents.
• Provide all the information stakeholders need in order to address cybersecurity incidents.
• Protect the quality of personal data by ensuring that it is accurate, complete, and up-to-date.
• Acknowledge that you’ll be held accountable for protecting the privacy of personal information.

Also see NIST Privacy Framework
praxiom@gmail.com help@praxiom.com 780-461-4514

Updated on August 23, 2021. First published on January 27, 2020.

Copyright © 2020-2021 by Praxiom Research Group Limited. All Rights Reserved.