By Kathryn Daily, CISSP, CAP, RDRP
NIST has announced the development of a Privacy Framework. The framework is needed to ensure the ability to design, operate, or use technologies in ways that are observant of various privacy needs in a progressively connected and complicated environment. It is expected to help manage risk by protecting people’s information. Privacy risks can also arise from how organizations collect, store, use, and share this information to meet their mission or business objective, as well as how individuals interact with products and services.
NIST believes that organizations that design, operate, or use these products and services would be better able to address the full scope of privacy risk with more tools to support better implantation of privacy protections. The privacy framework will be a voluntary framework that can be used by government and industry alike. NIST will work with industry, civil society groups, academic institutions, federal agencies, state, local, territorial, tribal, and foreign governments through a series of workshops and requests for public comments over the next year in order to shape and develop the Privacy Framework. As this is a voluntary tool, there is no executive order, or other authoritative driver for NIST to develop this framework.
Resources: NIST Privacy Framework Development Schedule https://www.nist.gov/privacyframework/development-schedule