NIST Cybersecurity Privacy Principles in Plain English

Cybersecurity and privacy are closely related. Since cybersecurity programs often collect, process,
maintain, and use personal information, personal privacy issues must be carefully considered. Great
care must be taken to avoid collecting too much personal information or being too invasive, disclosing
this information unintentionally or involuntarily, or retaining it indefinitely or without authorization.

Your Cybersecurity Program should comply with the following NIST Privacy Principles:

• Minimize the amount of personal information used to manage your cybersecurity incidents.

• Minimize the amount of personal information collected whenever cybersecurity incidents occur.

• Minimize the amount of personal information disclosed whenever cybersecurity incidents occur.

• Minimize the amount of personal information retained whenever cybersecurity incidents occur.

• Respect the personal data-use limits imposed by stakeholders not involved in cybersecurity.

• Consider what kind of personal information may be used to manage cybersecurity incidents.

• Consider what kind of personal information may be collected whenever cybersecurity incidents occur.

• Consider what kind of personal information may be disclosed whenever cybersecurity incidents occur.

• Consider what kind of personal information may be retained whenever cybersecurity incidents occur.

• Ask for consent whenever personal information is used to manage cybersecurity incidents.

• Provide appropriate remedies for those who experience adverse impacts and seek redress.

• Be open, honest, and transparent about your organization’s cybersecurity activities and incidents.

• Provide all the information stakeholders need in order to address cybersecurity incidents.

• Protect the quality of personal data by ensuring that it is accurate, complete, and up-to-date.

• Acknowledge that you’ll be held accountable for protecting the privacy of personal information.

Also see NIST Privacy Framework

MORE CYBERSECURITY PAGES

InfoGraphics for NIST Cybersecurity

Introduction to Cybersecurity Framework

Overview of NIST Cybersecurity Framework

Structure of NIST Cybersecurity Framework

Cybersecurity Framework in Plain English

How to Create a Cybersecurity Program

Cybersecurity Implementation Tiers

Cybersecurity Audit Checklist

Cybersecurity Audit Tool

Home Page

Our Library

A to Z Index

Customers

How to Order

Our Products

Our Prices

Guarantee

praxiom@gmail.com                      help@praxiom.com                      780-461-4514

 Updated on August 23, 2021. First published on January 27, 2020.

Legal Restrictions on the Use of this Page
Thank you for visiting this page. You are, of course, welcome to view our
 material as often as you wish, free of charge. And as long as you keep intact
 all copyright notices, you are also welcome to print or make one copy of this
 page for your own personal, noncommercial, home use. But, you are not
 legally authorized to print or produce additional copies or to copy and paste
 any of our material onto another web site or to republish it in any way.

Copyright © 2020-2021 by Praxiom Research Group Limited. All Rights Reserved.

First Edmonton Place, 14th Floor, 10665 Jasper Avenue, Edmonton, Alberta, T5J 3S9, Canada