The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) announced this month that it has launched a collaborative project to develop a voluntary privacy framework to help organizations manage risk relating to protecting privacy in complex networking environments.
The goal of the project is to develop a privacy framework that can deliver practical tools for developers of innovative technologies (such as IoT and AI) that will ultimately yield stronger privacy protections for individuals.
NIST, which promotes innovation and industrial competitiveness, has had great success with broad adoption of its Cybersecurity Framework Version 1.1 released earlier this year, according to Under Secretary of Commerce for Standards and Technology and NIST Director Walter G. Copan. It is now sponsoring outreach efforts throughout the U.S. to gather the best ideas for a useful and effective privacy framework.
NIST correctly notes that cybersecurity is central to managing privacy risk, but not sufficient in itself. Privacy professionals both inside and outside the U.S. are responding to (and perhaps leading) consumer privacy expectations with positions that NIST politely understates as reflecting “multiplying visions.” A framework of balanced standards for building privacy protections into technology design will benefit society broadly.
NIST, which focuses on standards for technology developers, is only one of several U.S. agencies addressing privacy concerns.
For example, the U.S. Department of Commerce’s National Telecommunications and Information Administration is currently engaged in gathering input in order to formulate core, high-level principles on data privacy with a stated goal of avoiding contributing to a fractured and stifling regulatory landscape. And of course, the Federal Trade Commission, the big dog in consumer protection enforcement, continues its efforts to protect consumer privacy while critically analyzing the economic impact of such protection on competition and innovation.