The National Institute of Standards and Technology (NIST) on Tuesday announced that it has launched what it called a “collaborative project to develop a voluntary privacy framework to help organizations manage risk.”
The proposed privacy framework will provide an enterprise-level approach that helps organizations prioritize strategies for flexible and effective privacy protection solutions so that individuals can enjoy the benefits of innovative technologies with greater confidence and trust, according to NIST.
To achieve this, NIST stated that it is developing a domestic legal and policy approach for consumer privacy in coordination with the department’s International Trade Administration to ensure consistency with international policy objectives.
“We’ve had great success with broad adoption of the NIST Cybersecurity Framework, and we see this as providing complementary guidance for managing privacy risk,” said Under Secretary of Commerce for Standards and Technology and NIST Director Walter G. Copan.
“The development of a privacy framework through an open process of stakeholder engagement is intended to deliver practical tools that allow continued U.S. innovation, together with stronger privacy protections,” he added.
Good cybersecurity practices are central to managing privacy risk but are not sufficient. According to NIST’s description of the new project, organizations need access to additional tools to better address the full scope of privacy risk.
“Consumers’ privacy expectations are evolving at the same time that there are multiplying visions inside and outside the U.S. about how to address privacy challenges,” said NIST Senior Privacy Policy Advisor and lead for the project, Naomi Lefkovitz.
“NIST’s goal is to develop a framework that will bridge the gaps between privacy professionals and senior executives so that organizations can respond effectively to these challenges without stifling innovation,” she added.