FPF New Resource Takes the Guesswork out of Buying Privacy Tech
A new FPF resource helps buyers determine which privacy tools are the most appropriate for their business needs. The Privacy Tech Buyer Framework is a step-by-step tool that provides guidance on buying the best privacy technology through three phases that include simplified steps and case studies.
In the Framework, you’ll explore:
Phase 1: Business Outcomes
Understanding your achievable outcomes for your business is the crucial first step in the privacy tech acquisition process. Outcomes may vary for different businesses, and differ between stakeholders in an organization. Phase 1 of the Framework takes you through several categories of business outcomes that can be achieved with privacy technologies.
Phase 2: Privacy Tech Product Categories
Once you identify the business outcomes you want to achieve, the next step in the process is matching business outcomes to categories of privacy technology products. In Phase 2, the Framework outlines several categories of privacy tech products, drawing from the U.S. National Institute of Standards and Technology (NIST)’s Privacy Framework.
Phase 3: Business-Level Tools and Services
In Phase 3 of the Framework, business-level tools and services are separated into categories based on their functionality. The five main categories include: Identification, Governance, Control, Protection, and Communication. Each category contains tools and services organized by their functionality, for example, Protection includes data security, protective technology, and more. Identifying which categories of functions these privacy technologies fall into will help you select the business-level tools and services that best suit your business needs.
Below is just one of several Framework case studies that illustrate hypothetical scenarios in which you might use this to move from a general business outcome towards a specific buy decision for your business.
CASE STUDY: Company Product Development
A company is developing a product and wants to have the right privacy safeguards in place.
In Phase 1, led by the CIO, the company identified one business outcome; data availability and movability. In Phase 2, the Buyer chose the category of Protection to ensure that personal data is excluded from product development while maintaining the ability to provide useful data to users. The Buyer then selected disassociated processing as their business-level tool in Phase 3, with the intention of removing directly identifying information and using technical privacy modes to ensure transformations minimize exposure.
The Privacy Tech Buyer Framework is a gap-filling document meant to aid buyers in identifying what tools and services are available to help their businesses responsibly and legally use personal information to meet business needs and achieve business outcomes. The ultimate aim of the framework is to simplify and clarify the buyer process, making it easier for users to determine which privacy tools and services they should purchase from vendors.
To learn more, read the full report at the link.