On September 4, 2018, the Commerce Department’s National Institute of Standards and Technology (NIST) announced that it “has launched a collaborative project to develop a voluntary privacy framework to help organizations manage risk.”1 Based on the model of NIST’s Cybersecurity Framework,2 the Privacy Framework will be designed to help organizations “better identify, assess, manage, and communicate privacy risks; foster the development of innovative approaches to protecting individuals’ privacy; and increase trust in products and services.”3
The NIST effort comes as the Commerce Department’s National Telecommunications and Information Administration (NTIA) is developing a “domestic legal and policy approach for consumer privacy” in coordination with the Department’s International Trade Administration to ensure consistency with international policy objectives. NTIA is expected to solicit public input on its project later this month.
NIST will kick off development of the Privacy Framework at a public workshop on October 16, 2018, in Austin, Texas, held in conjunction with the International Association of Privacy Professionals’ Privacy. Security. Risk. 2018 conference. Interested individuals can register here until October 9.
Both the NIST and NTIA efforts reflect the growing interest at the federal level in developing nationally uniform principles addressing the privacy of personal information. A number of senators of both parties have indicated they are developing proposed legislation that would establish federal data privacy standards.4