Technology Decision Makers

last person joined: 22 days ago 

A group for those in nonprofit IT decision-making roles to connect with peers and share best practices. This Technology Decision Makers group is for nonprofit IT or MIS Directors/Managers as well as CIOs and CTOs to connect with their peers and share best practices. Topics for discussion include, but are not limited to: hardware and software management, product reviews, emerging technology, best practices, collaborating effectively with other departments, and management conundrums. Membership is restricted to IT staff at nonprofit organizations.

NIST's Draft Privacy Framework

  • 1.  NIST's Draft Privacy Framework

    Posted Jun 27, 2019 16:11
      |   view attached

    Whether or not your organization has to implement good privacy practices to meet obligations imposed by applicable laws and regulations (e.g., GDPR or CCPA) incorporating good privacy practices will help your organization advance its mission.

    The National Institute of Standards and Technology (NIST), the same folks who brought us such hits as the Cybersecurity Framework and Risk Management Framework, hosted a webinar today on the current draft of the Privacy Framework.  Version 1.0 of the framework is anticipated to be available later this year.

    The Privacy Framework is non-prescriptive and risk- & outcome-based. It takes some cues from the Cybersecurity Framework; for example; it is structured around a core, profiles, and tiers. The Core provides a set of activities to achieve specific privacy outcomes.  It is comprised of Functions, Categories, and Subcategories.

    • Functions – Provides high-level privacy activities. The current functions are Identify, Protect, Control, Inform, and Respond.  Protect is closely tied to the Cybersecurity Framework.
      • You can have "good" security without privacy, but you cannot have "good" privacy without security.
    • Categories – Subdivides Functions into groups of privacy outcomes closely tied to organizational needs and particular activities.
    • Subcategories – Divides a category into specific outcomes relevant to the people, processes, and technologies of a good privacy program.

    You can view the current draft at

    The slide deck from the webinar is attached.

    Thank you,

    William Rankin
    Manager, Compliance and Privacy Services
    American Technology Services


    2020 Nonprofit Technology Conference Logo  w/ Baltimore Skyline

  • 2.  RE: NIST's Draft Privacy Framework

    Posted Jun 27, 2019 16:46

    Hi William,


    Thank you for sharing.






    2020 Nonprofit Technology Conference Logo  w/ Baltimore Skyline