Past Due for a Privacy Assessment? These New Guidelines May Help

The National Institute of Standards and Technology (NIST) has published a new set of guidelines designed to help organizations assess their security and privacy controls.

The guidelines include customizable privacy assessment procedures that are intended to be “flexible enough to meet the needs of different organizations while providing consistency in conducting control assessments,” according to NIST, a division of the U.S. Department of Commerce.

Topics covered under the guidelines include access control policies, contingency planning, incident response, system maintenance and risk assessment, among others.

The guidelines are intended to help organizations determine the effectiveness of their existing controls and risk management processes, and gain insights on the strengths and weaknesses of the systems supporting their missions and business functions.

Organizations of any size and in any sector are vulnerable to privacy risks. Although NIST’s guidelines are aimed at an American audience, they are widely applicable to businesses and organizations operating in Western Canada.

The lawyers in the MLT Aikins Privacy, Data Protection & Cybersecurity practice group have extensive experience conducting privacy assessments for clients and developing effective privacy compliance programs. Contact us to learn how we can assist your organization with a privacy assessment.

Note: This article is of a general nature only and is not exhaustive of all possible legal rights or remedies. In addition, laws may change over time and should be interpreted only in the context of particular circumstances such that these materials are not intended to be relied upon or taken as legal advice or opinion. Readers should consult a legal professional for specific advice.