The Commodity Futures Trading Commission will become the first federal agency to adopt the National Institute of Standards and Technology Privacy Framework, the agency announced Tuesday.
In a statement, the CFTC said it will integrate the framework into its enterprise risk portfolio and use it to better manage and communicate privacy risk throughout the agency. “Adopting this framework will put us on the cutting edge of data privacy protection,” said CFTC Chairman Heath Tarbert.
The publishing of NIST’s voluntary Privacy Framework, the final version of which was released on Jan. 16, followed a year of extensive engagement with stakeholders through a series of public workshops and roundtables on the challenges of protecting data privacy and how to develop guidelines to assist companies in addressing these challenges.
As with its draft version, the final Privacy Framework centers on three sections: the core, which offers a set of privacy protection activities; the profiles, which help determine which of the activities in the core an organization should pursue to reach its goals most effectively; and the implementation tiers, which help optimize the resources dedicated to managing privacy risk.
NIST is a physical science laboratory of the U.S. Department of Commerce.