Personnel from the Federal Trade Commission released their recommendations on the National Institute of Standards and Technology’s draft guidelines for helping organizations manage their privacy risks.
FTC said Thursday its staff are calling on NIST to put more focus on the need to address privacy breach risks at each step under the “Preliminary Draft for Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management.”
Staff also asked NIST to clarify procedures for privacy risk management based on data sensitivity and to “consider including a more robust discussion” on companies’ efforts to ensure that their public-facing statements align with data privacy practices.
They also called on NIST to designate roles responsible for the development and execution of an entity’s privacy program and highlight the need to conduct comprehensive risk assessments before identifying privacy controls to be implemented.
According to FTC, its staff “commended NIST for proposing a voluntary tool aimed at helping organizations start a dialogue about managing privacy risks within their organizations.”