NIST Releases Privacy Framework

Suggests one size does not fit all

The National Institute of Standards and Technology (NIST) has published a guide to privacy best practices, "Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management." 

The idea is to keep the benefits of data collection while mitigating the privacy risks, and to avoid a one-size-fits-all approach, which deregulatory types often associate with "heavy handed" government regulation.


The self-regulatory framework has no force of law and is not binding on anyone. Instead, it is meant to be a tool for privacy-by-design practices that put privacy risks on the same level as other risks. It is also meant to work in concert with the "Framework for Improving Critical Infrastructure."

Source: NIST


It is billed as supporting:  

• "Building customers’ trust by supporting ethical decision-making in product and service design or deployment that optimizes beneficial uses of data while minimizing adverse consequences for individuals’ privacy and society as a whole;

• "Fulfilling current compliance obligations, as well as future-proofing products and services to meet these obligations in a changing technological and policy environment; and 

• "Facilitating communication about privacy practices with individuals, business partners, assessors, and regulators." 

NIST says the framework was the handiwork of public and private stakeholders and the product of three workshops, requests for information and comment, five webinars and hundreds of stakeholder meetings.
