NIST publishes draft privacy framework

The National Institute of Science and Technology (NIST) has published a draft Privacy Framework in response to the EU’s GDPR, the Cambridge Analytica scandal, and an IBM blog post from May of last year calling for an equivalent to NIST’s cybersecurity framework, FedScoop reports.

The institute is seeking public comment on the 43-page preliminary draft through October 24, and plans to publish an initial completed version by the end of calendar 2019.

“One benefit we feel is that this can really help organizations build customer trust by being able to engage in more ethical decision-making around how to optimize beneficial uses of data while minimizing harm to individuals,” NIST Information Technology Lab Framework Lead Naomi Lefkovitz told FedScoop.

Lefkovitz notes that agencies are often in the role of customers of vendors who they hope are managing privacy risks appropriately.

One World Identity CEO Travis Jarae says the framework could enable companies to embed standards in future development, but he is hoping tech giants will further engage with the process.

“Striking a balance between the public and private sector has been challenging historically; it’s a showstopper, but the government has really stepped up and made it easier for big and small companies to work with them,” he said. “I am extremely bullish on innovation in the area of digital identity and privacy with government agencies going forward.”

Virtru Director of Federal Joseph Stuntz says there is an appetite for more clarity if legislation is not forthcoming, but also that some groups will resist anything they see as the introduction of regulation.

Article Topics

data protection  |  digital identity  |  NIST  |  privacy  |  standards