The Commodity Futures Trading Commission will become the first federal agency to adopt the National Institute of Standards and Technology Privacy Framework, the agency announced Tuesday.
In a statement, the CFTC said it will integrate the framework into its enterprise risk portfolio and use it to better manage and communicate privacy risk throughout the agency. “Adopting this framework will put us on the cutting edge of data privacy protection,” said CFTC Chairman Heath Tarbert.
The publishing of NIST’s voluntary Privacy Framework, the final version of which was released on Jan. 16, followed a year of extensive engagement with stakeholders through a series of public workshops and roundtables on the challenges of protecting data privacy and how to develop guidelines to assist companies in addressing these challenges.
“What you’ll find in the framework are building blocks that can help you achieve your privacy goals, which may include laws your organization needs to follow,” said Naomi Lefkovitz, a senior privacy policy adviser at NIST and leader of the framework effort. It was designed to be agnostic to any law. It was also designed to complement the NIST Cybersecurity Framework.
As with its draft version, the final Privacy Framework centers on three sections: the core, which offers a set of privacy protection activities; the profiles, which help determine which of the activities in the core an organization should pursue to reach its goals most effectively; and the implementation tiers, which help optimize the resources dedicated to managing privacy risk.
NIST is a physical science laboratory of the U.S. Department of Commerce.
Jaclyn Jaeger is an editor with Compliance Week and has written on a wide variety of topics, including ethics and compliance, risk management, legal, enforcement, technology, and more.
No comments yet