NIST to Launch Privacy Framework to Help Companies Protect the Privacy of Customers and Employees

In 2014, the National Institute of Standards and Technology (NIST) published its Cybersecurity Framework, a framework of computer security guidance to help private sector companies assess their security policies and improve their ability to prevent, detect, and respond to cyberattacks.

The Framework has been a huge success. Figures from Gartner suggest it has already been adopted by 30% of companies, and adoption of the Framework is mandatory for all federal agencies.

Now NIST plans to start working on a new Framework to help companies protect the privacy of employees and customers in what has become an increasingly connected and complex environment.

The NIST Privacy Framework will be a voluntary enterprise-level tool that will detail privacy outcomes and approaches to help organizations develop strategies for implementing flexible privacy protection solutions. The aim is to ensure that individuals can benefit from the use of innovative technologies such as IoT and AI, with the confidence that their privacy will be protected. Adopting the Privacy Framework will help organizations manage privacy risks more effectively.

“We’ve had great success with broad adoption of the NIST Cybersecurity Framework, and we see this as providing complementary guidance for managing privacy risk,” said Under Secretary of Commerce for Standards and Technology and NIST Director Walter Copan.

Adopting the Cybersecurity Framework and ensuring good cybersecurity practices are followed helps companies reduce the risk of privacy breaches, but as NIST explained, “Privacy risks also can arise from how organizations collect, store, use, and share this information to meet their mission or business objective, as well as how individuals interact with products and services.”

NIST will take a collaborative approach when developing the new Framework, as it did when it developed its Cybersecurity Framework. NIST plans to work with industry, academic institutions, civil society groups, standard-setting organizations, federal agencies, state, local, territorial, tribal, and foreign governments, and private companies through workshops and requests for public comment.

“We want to gather the best ideas from many stakeholders so that the privacy framework tool we develop is useful and effective for a wide range of organizations,” said NIST Senior Privacy Policy Advisor, Naomi Lefkovitz, who will lead the new project.

NIST plans to start gathering feedback on the new Framework at a public workshop being held in Austin, TX on October 16, in conjunction with the annual meeting of the International Association of Privacy Professionals.

Another Department of Commerce agency, the National Telecommunications and Information Administration (NTIA), is also working on a new privacy initiative. NTIA is currently developing a domestic legal and policy approach for consumer privacy in coordination with the International Trade Administration.

Author: HIPAA Journal
