NIST Issues Preliminary Draft of Privacy Framework

Jeff Brody

The National Institute of Standards and Technology has released an initial draft of a framework meant to help organizations improve individuals’ privacy through enterprise risk management.

NIST said Friday that the Privacy Framework seeks to help organizations secure individuals’ privacy through three efforts: establish customer trust by supporting ethical decision-making in service and product design; meet compliance obligations; and facilitate communications with clients and regulators about privacy practices.

The agency noted that the policy follows the structure of the Cybersecurity Framework and is composed of core, profiles and implementation tiers. The core component seeks to facilitate a dialogue about privacy protection operations and desired outcomes, while the profiles part advances the prioritization of activities and outcomes that meet organizational missions and privacy values.

The implementation tiers support communication and decision-making about the organizational processes’ sufficiency to handle privacy risks.

NIST wants stakeholders to assess whether the initial draft defines outcomes that strengthen an individual’s privacy protection or cover existing practices; integrates privacy risk into organizational risk; and allows organizations to adapt to privacy risks arising from the use of artificial intelligence, internet of things and other emerging technologies.

Public comments are due Oct. 24.

You may also be interested in...

Huntington Ingalls

Huntington Ingalls Board Elects Kari Wilkinson as EVP, Shipbuilding Division President

Huntington Ingalls Industries’ (HII) Board of Directors has elected Kari Wilkinson, Ingalls’ vice president, program management, to serve as executive vice president of HII and president of the Shipbuilding division, effective April 1st. She will succeed Brian Cuccias, who will retire in April. Wilkinson will report to HII executive vice president and chief operating officer Chris Kastner