From NIST:
GAITHERSBURG, Md. – Innovative technologies such as the “internet of things” (IoT) and artificial intelligence enhance convenience, efficiency and economic growth. At the same time, these and other technologies increasingly require complex networking environments and use detailed data about individuals that can make protecting their privacy harder.
To help meet this challenge, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) announced today that it has launched a collaborative project to develop a voluntary privacy framework to help organizations manage risk.
“We’ve had great success with broad adoption of the NIST Cybersecurity Framework, and we see this as providing complementary guidance for managing privacy risk,” said Under Secretary of Commerce for Standards and Technology and NIST Director Walter G. Copan. “The development of a privacy framework through an open process of stakeholder engagement is intended to deliver practical tools that allow continued U.S. innovation, together with stronger privacy protections.”
The envisioned privacy framework will provide an enterprise-level approach that helps organizations prioritize strategies for flexible and effective privacy protection solutions so that individuals can enjoy the benefits of innovative technologies with greater confidence and trust.
Parallel with this effort, Commerce’s National Telecommunications and Information Administration is developing a domestic legal and policy approach for consumer privacy in coordination with the department’s International Trade Administration to ensure consistency with international policy objectives.
To collect input from stakeholders, NIST will kick off the effort with a public workshop on Oct. 16, 2018, in Austin, Texas—in conjunction with the International Association of Privacy Professionals’ Privacy. Security. Risk. 2018 conference.
Good cybersecurity practices are central to managing privacy risk but are not sufficient. According to NIST’s description of the new project, organizations need access to additional tools to better address the full scope of privacy risk.
“Consumers’ privacy expectations are evolving at the same time that there are multiplying visions inside and outside the U.S. about how to address privacy challenges,” said NIST Senior Privacy Policy Advisor and lead for the project, Naomi Lefkovitz. “NIST’s goal is to develop a framework that will bridge the gaps between privacy professionals and senior executives so that organizations can respond effectively to these challenges without stifling innovation.”
The Austin public workshop is the first in a series planned to collect current practices, challenges and needs in managing privacy risks in ways that go beyond common cybersecurity practices.
Over the coming year, through these workshops and other outreach efforts, said Lefkovitz, “we want to gather the best ideas from many stakeholders so that the privacy framework tool we develop is useful and effective for a wide range of organizations.”
NIST has also posted an overview of the development schedule for this framework. To learn more, and to register for the Austin public workshop, visit the event website by Oct. 9, 2018.
The workshop will be recorded and shared on the Privacy Framework website.
NIST promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life. NIST is a non-regulatory agency of the U.S. Department of Commerce. To learn more about NIST, visit www.nist.gov.