Home / News / NIST Issues Preliminary Draft of Privacy Framework

NIST Issues Preliminary Draft of Privacy Framework

Jeff Brody

The National Institute of Standards and Technology has released an initial draft of a framework meant to help organizations improve individuals’ privacy through enterprise risk management.

NIST said Friday that the Privacy Framework seeks to help organizations secure individuals’ privacy through three efforts: establish customer trust by supporting ethical decision-making in service and product design; meet compliance obligations; and facilitate communications with clients and regulators about privacy practices.

The agency noted that the policy follows the structure of the Cybersecurity Framework and is composed of core, profiles and implementation tiers. The core component seeks to facilitate a dialogue about privacy protection operations and desired outcomes, while the profiles part advances the prioritization of activities and outcomes that meet organizational missions and privacy values.

The implementation tiers support communication and decision-making about the organizational processes’ sufficiency to handle privacy risks.

NIST wants stakeholders to assess whether the initial draft defines outcomes that strengthen an individual’s privacy protection or cover existing practices; integrates privacy risk into organizational risk; and allows organizations to adapt to privacy risks arising from the use of artificial intelligence, internet of things and other emerging technologies.

Public comments are due Oct. 24.

Check Also

Leidos Awarded $47M Contract to Provide Technical Support Services for U.S. Air Force; Ed Whitehouse Quoted

The U.S. Air Force has awarded Leidos a potential six-year, $47 million indefinite delivery/indefinite quantity contract to provide support services for the Air Force Technical Applications Center's (AFTAC) U.S. National Data Center (U.S. NDC), Leidos announced on Friday.