The National Institute of Standards and Technology (NIST) has launched a collaborative project “to develop a voluntary privacy framework to help organizations manage risk.”

NIST provides and oversees one of the nation’s most important and widely-used cyber-security frameworks for both private and public entities. It is a non-regulatory agency of the U.S. Department of Commerce. Innovative technologies such as the internet of things and artificial intelligence enhance convenience, efficiency and economic growth, a statement says. At the same time, these and other technologies increasingly require complex networking environments and use detailed data about individuals that can make protecting their privacy more difficult.

 “We’ve had great success with broad adoption of the NIST Cybersecurity Framework, and we see this as providing complementary guidance for managing privacy risk,” Under Secretary of Commerce for Standards and Technology and NIST Director Walter Copan said in a statement. “The development of a privacy framework through an open process of stakeholder engagement is intended to deliver practical tools that allow continued U.S. innovation, together with stronger privacy protections.”

The envisioned privacy framework will provide an enterprise-level approach that helps organizations prioritize strategies for flexible and effective privacy protection solutions so that individuals can enjoy the benefits of innovative technologies with greater confidence and trust.

Parallel with this effort, Commerce’s National Telecommunications and Information Administration is developing a domestic legal and policy approach for consumer privacy in coordination with the department’s International Trade Administration to ensure consistency with international policy objectives.

To collect input from stakeholders, NIST will kick off the effort with a public workshop on Oct. 16 in Austin, Texas—in conjunction with the International Association of Privacy Professionals’ Privacy. Security. Risk. 2018 conference.

Good cyber-security practices are central to managing privacy risk, but are not sufficient. According to NIST’s description of the new project, organizations need access to additional tools to better address the full scope of privacy risk.

“Consumers’ privacy expectations are evolving at the same time that there are multiplying visions inside and outside the U.S. about how to address privacy challenges,” NIST Senior Privacy Policy Advisor and lead for the project Naomi Lefkovitz said. “NIST’s goal is to develop a framework that will bridge the gaps between privacy professionals and senior executives, so that organizations can respond effectively to these challenges without stifling innovation … We want to gather the best ideas from many stakeholders, so that the privacy framework tool we develop is useful and effective for a wide range of organizations.”

The Austin public workshop is the first in a series planned to collect current practices, challenges, and needs in managing privacy risks in ways that go beyond common cyber-security practices.

NIST has also posted an overview of the development schedule for the proposed framework. To learn more and to register for the workshop, visit the event Website by Oct. 9, 2018.

The workshop will be recorded and shared on the Privacy Framework Website.

Topics