NIST Begins Developing a Voluntary Online Privacy Framework

The Department of Commerce’s National Institute of Standards and Technology (“NIST”) announced in early September intention to create a Privacy Framework.  This Privacy Framework would provide voluntary guidelines that assist organizations in managing privacy risks.  The NIST announcement recognized that the Privacy Framework is timely because disruptive technologies, such as artificial intelligence and the internet of things, not only enhance convenience, growth, and productivity, but also require more complex networking environments and massive amounts of data.

Building on the success of the NIST Cybersecurity Framework, the Privacy Framework is meant to be a transparent, enterprise-level tool that helps organizations prioritize resources and strategies in order to create flexible, risk-based privacy solutions.  Deliberations between industry, civil society groups, academic institutions, federal, state, and local government entities, standard-setting organizations, and others kicked off with a workshop in Austin, Texas on October 16th, which set the stage by examining how organizations currently manage privacy risks, identifying where the challenges lie, and determining how the Privacy Framework can help organizations meet such challenges.

Shortly thereafter, on October 29, 2018, NIST Senior Privacy Policy Advisor Naomi Lefkovitz discussed the future of the Privacy Framework with a group convened by the American Bar Association’s Section of Science & Technology Law’s E-Privacy Committee.  During the discussion, Ms. Lefkovitz emphasized why a Privacy Framework is needed in addition to NIST’s existing, cyber-related frameworks.  Although good cybersecurity practices can help manage privacy risks by protecting people’s information, privacy risks also can arise from organizations’ authorized collection, storage, use, and sharing of information to meet their mission or business objectives.  If not effectively managed and communicated, privacy risks can have both individual and industry-wide consequences (such as failure to achieve societal acceptance of an otherwise useful technology due to lack of trust in the marketplace).

Ms. Lefkovitz stressed the benefits of the NIST Privacy Framework as it is currently imagined, including:

Read more here

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.