The National Institute of Standards and Technology (NIST) released a Request for Information on Nov. 13 and looking for comment on its NIST Privacy Framework, an Enterprise Risk Management Tool that the agency anticipates to issue by early 2019. NIST said that it envisions that the Privacy Framework will be a voluntary tool for businesses to better identify, review, interpret, refine, manage, and communicate about privacy risks so that individuals can enjoy the advantages of innovative technologies with greater confidence and trust.
The Request for Information seeks comment on information about organizational considerations for privacy risk management that includes the structure of the Privacy Framework, and specific privacy practices. The agency wants Comments by Dec. 31.
The National Institute of Standards and Technology Privacy Framework have been developed through a consensus-driven, open, and collaborative process, which includes workshops and other opportunities to give input.
NIST has developed the Privacy Framework in a manner consistent with its mission to foster U.S. innovation and industrial competitiveness and is seeking input from all interested stakeholders. The agency intends for the Privacy Framework to offer a prioritized, lithe, risk-based, outcome-based, and cost-effective approach that can be compatible with existing legal and regulatory regimes in order to be the most useful to organizations and enable widespread adoption. National Institute of Standards and Technology expects that the Privacy Framework development process will involve several iterations to allow for continuing engagement with interested stakeholders.