Back in 2021, NIST launched it Privacy Workforce Working Group to identify the tasks, knowledge and skills of privacy workforce of tomorrow. I was happy to be part of this effort. Late last year, after three years of effort, NIST published its initial public draft. They provided only 45 days to comment. I had assembled a team prior to that to provide commentary to NIST on this draft, and, in fact, we had been working for months on previously released (non-public) draft. Our team reviewed nearly 2000 statements linked to 13 subcategories of outcomes. We made comments, suggested remapping some statements, provided suggested rewrites and alternatives, justifications for deleting comments
We suggested
Tasks: 44 deletions, 151 updates and no changes to 131 statements
Knowledge: 63 deletions, 103 updates and no changes to 171 statements
Skill: 83 deletions, 90 updates and no changes to 121 statements
Beyond that, we had dozens of recommendations to add/remove/replace statements associated with subcategories, as well as dozens of readd from previous private drafts that were dropped from the public release. What follows is our suggested edits and introductory letter.
Thanks to
Anza Abbas (Enterprivacy Consulting Group)
Andrew Berry (Enterprivacy Consulting Group)
Nandita Narla (Institute of Operational Privacy Design)
Vandana Padmanabhan (Independent)