The National Institute of Standards and Technology (NIST) published a Cybersecurity Framework in 2014 to help private companies in assessing their security policies and improving their ability to stop, identify, and respond to cyberattacks. Figures from Gartner show that 30% of companies have adopted the Cybersecurity Framework. All federal agencies are mandated to adopt the Framework.
Now NIST is planning to work on a new Framework that will help companies protect the personal data privacy of employees and customers. The NIST Privacy Framework is going to be available at the enterprise level but adoption is voluntary. This tool outlines privacy outcomes and approaches so that organizations can develop plans to implement versatile privacy protection options. The goal of this Framework is to make sure that people can use modern technologies like IoT and AI, with the assurance that their privacy is protected. If organizations will adopt this Privacy Framework, it will help them effectively manage privacy risks.
Using the Cybersecurity Framework and following good cybersecurity practices help organizations minimize the risk of privacy breaches. However, privacy risks are affected by the way organizations gather, keep, use, and share information to meet their mission or business objective. Risks are also impacted by the way people interact with products and services.
To develop the new Framework, NIST plans to collaborate with the industry, academe, civil society communities, standard-setting institutions, federal agencies, local, state, territorial, tribal, and overseas governments, and private firms. This is to ensure that the Privacy Framework will be beneficial and effective for a large selection of organizations. Feedback on the new Framework will be gathered at a public workshop to be held in Austin, Texas on October 16, in association with the yearly conference of the International Association of Privacy Professionals.
The National Telecommunications and Information Administration (NTIA) is likewise developing a new privacy project. Together with the International Trade Administration, they will create a domestic legal and policy approach to protect consumer privacy.