Comments on the NIST Public Draft of the Privacy Workforce Taxonomy

Back in 2021, National Institute of Standards and Technology (NIST) launched its Privacy Workforce Working Group to identify the tasks, knowledge and skills of privacy workforce of tomorrow. I was happy to be part of this effort. Late last year, after three years of effort, NIST published its initial public draft. They provided only 45 days to comment. I had assembled a team prior to that to provide commentary to NIST on this draft, and, in fact, we had been working for months on previously released (non-public) draft. Our team reviewed nearly 2000 statements linked to 13 subcategories of outcomes. We made comments, suggested remapping some statements, provided suggested rewrites and alternatives, justifications for deleting comments

We suggested

Tasks: 44 deletions, 151 updates and no changes to 131 statements Knowledge: 63 deletions, 103 updates and no changes to 171 statements Skill: 83 deletions, 90 updates and no changes to 121 statements

Beyond that, we had dozens of recommendations to add/remove/replace statements associated with subcategories, as well as dozens of readd from previous private drafts that were dropped from the public release. What follows is our suggested edits and introductory letter.

Full Comments

See our Spreadsheet of all suggested edits

Thanks to Anza Abbas (Enterprivacy Consulting Group) Andrew Berry (Enterprivacy Consulting Group) Nandita Rao Narla (Institute of Operational Privacy Design) Vandana Padmanabhan (Independent)

A version of this blog, has been published on my personal blog at https://privacymaverick.com/the-nist-privacy-workforce-taxonomy/

R. Jason Cronk is the president of the Institute of Operational Privacy Design (IOPD) , principal privacy engineer and consultant at Enterprivacy Consulting Group , an adjunct professor Florida State University College of Law