NIST to Develop Voluntary Privacy Framework
The National Institute of Standards and Technology (NIST) is holding a public workshop in Austin, Texas to start the process of creating a privacy framework for companies seeking to protect the personal information of customers and employees. The workshop is scheduled for October 16, 2018, immediately before the International Association of Privacy Professionals (IAPP) Privacy Security Risk conference in Austin.
In the NIST fact sheet discussing the creation of the framework, NIST said that good cybersecurity isn’t enough to protect consumer information as “privacy risks can arise from how organizations collect, store, use and share information to meet their mission or business objective, as well as how individuals interact with products and services.”
NIST is going to work collaboratively with the private sector and federal agencies to develop the guidelines and standards. The creation of the privacy framework will be modeled on the process used by NIST for the 2014 cybersecurity framework. The cybersecurity framework is mandatory for federal agencies and is used voluntarily by about thirty percent of companies. For the privacy framework, extensive outreach is planned to industry, civil society groups, academic institutions, state governments, local governments, federal agencies, and others through a series of workshops and public comment periods.
The National Telecommunications and Information Administration (NTIA) is separately developing a set of privacy principles and coordinating with the International Trade Administration. Both the NIST and NTIA efforts are part of the U.S. Department of Commerce’s commitment to addressing the privacy challenge.
It is currently unclear how this voluntary framework will interact with the White House’s planned policy proposal on privacy, which is anticipated this fall. The fact sheet on the privacy framework says that it will be “a voluntary, enterprise-level tool that could provide a catalog of privacy outcomes and approaches to help organizations prioritize strategies that create flexible and effective privacy protection solutions, and enable individuals to enjoy the benefits of innovative technologies with greater confidence and trust.” It will be designed to allow organizations to better manage privacy risks rather than prescribe solutions.