Home / News / NIST Issues Preliminary Draft of Privacy Framework

NIST Issues Preliminary Draft of Privacy Framework

Jeff Brody

The National Institute of Standards and Technology has released an initial draft of a framework meant to help organizations improve individuals’ privacy through enterprise risk management.

NIST said Friday that the Privacy Framework seeks to help organizations secure individuals’ privacy through three efforts: establish customer trust by supporting ethical decision-making in service and product design; meet compliance obligations; and facilitate communications with clients and regulators about privacy practices.

The agency noted that the policy follows the structure of the Cybersecurity Framework and is composed of core, profiles and implementation tiers. The core component seeks to facilitate a dialogue about privacy protection operations and desired outcomes, while the profiles part advances the prioritization of activities and outcomes that meet organizational missions and privacy values.

The implementation tiers support communication and decision-making about the organizational processes’ sufficiency to handle privacy risks.

NIST wants stakeholders to assess whether the initial draft defines outcomes that strengthen an individual’s privacy protection or cover existing practices; integrates privacy risk into organizational risk; and allows organizations to adapt to privacy risks arising from the use of artificial intelligence, internet of things and other emerging technologies.

Public comments are due Oct. 24.

Check Also

DIU to Help Navy Adopt Predictive Maintenance; Mike Madsen Quoted

The Defense Innovation Unit is in talks with the U.S. Navy to implement the use of predictive maintenance in the service branch, FCW reported Friday. Mike Madsen, director of strategic engagement at DIU, said at a recent industry event that the unit and U.S. are planning to award a contract on predictive maintenance within fiscal year 2020.