The National Institute of Standards and Technology (NIST) is taking the first steps to develop a privacy framework that balances risk and protections, the agency announced on Tuesday.
“The envisioned privacy framework will provide an enterprise-level approach that helps organizations prioritize strategies for flexible and effective privacy protection solutions so that individuals can enjoy the benefits of innovative technologies with greater confidence and trust,” said NIST in a statement.
“The voluntary framework is envisioned to provide a catalog of privacy outcomes and approaches for organizations of all kinds to better identify, assess, manage, and communicate about privacy risks so that individuals can enjoy the benefits of innovative technologies with greater confidence and trust,” the framework’s website states.
“We’ve had great success with broad adoption of the NIST Cybersecurity Framework, and we see this as providing complementary guidance for managing privacy risk,” said Under Secretary of Commerce for Standards and Technology and NIST Director Walter G. Copan.
However, NIST noted that the cybersecurity framework does not fully cover privacy concerns.
“While good cybersecurity practices help manage privacy risk by protecting people’s information, privacy risks also can arise from how organizations collect, store, use, and share this information to meet their mission or business objective, as well as how individuals interact with products and services,” the agency said.
To kick off the effort, NIST will host a workshop on October 16 in Austin, Texas, in concert with an International Association of Privacy Professionals’ event.