Innovative technologies such as the “internet of things” (IoT) and artificial intelligence enhance convenience, efficiency and U.S. economic growth. At the same time, these and other technologies increasingly require complex networking techniques and collect and process detailed personal data about individuals that can make protecting their privacy very difficult.
To assist in this challenge, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) announced that it has launched a collaborative project to develop a voluntary privacy framework to help organizations manage risk.
“We’ve had great success with broad adoption of the NIST Cybersecurity Framework, and we see this as providing complementary guidance for managing privacy risk,” said Under Secretary of Commerce for Standards and Technology and NIST Director Walter G. Copan. “The development of a privacy framework through an open process of stakeholder engagement is intended to deliver practical tools that allow continued U.S. innovation, together with stronger privacy protections.”
NIST envisions a privacy framework that will provide an enterprise-level approach that assists organizations prioritize strategies for flexible and effective privacy protection solutions so that individuals can enjoy the benefits of innovative technologies with greater confidence and trust that their data will be protected.
In step with this effort, Commerce’s National Telecommunications and Information Administration is developing a domestic legal and policy approach for consumer privacy in coordination with the department’s International Trade Administration to ensure consistency with international policy objectives, NIST said.
To collect input from stakeholders, NIST will kick off the effort with a public workshop on Oct. 16, 2018, in Austin, Texas—in conjunction with the International Association of Privacy Professionals’ Privacy. Security. Risk. 2018 conference.
Good cybersecurity practices are key to managing privacy risk but are not sufficient, NIST said. According to NIST's description of the new project, organizations need access to additional tools to better address the full scope of privacy risk to individuals.
The Austin public workshop is the first in a series planned to collect current practices, challenges and needs in managing privacy risks in ways that go beyond common cybersecurity practices.
Over the coming year, through these workshops and other outreach efforts, said Lefkovitz, “we want to gather the best ideas from many stakeholders so that the privacy framework tool we develop is useful and effective for a wide range of organizations.”
NIST has also posted an overview of the development schedule for this framework. To learn more, and to register for the Austin public workshop, visit the event website by Oct. 9, 2018.
The workshop will be recorded and shared on the Privacy Framework website.
NIST promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life. NIST is a non-regulatory agency of the U.S. Department of Commerce. To learn more about NIST, visit www.nist.gov.