NIST Rolls Out Privacy Framework, Encourages Stakeholder Input

The rapidly evolving technology landscape is moving too fast for privacy laws and regulations to evolve with it. To assist agencies and private sector organization in keeping up, the National Institute of Standards and Technology (NIST) has rolled out a privacy framework to provide guidance on maintaining user privacy. At an event last week, NIST Director Walter Copan and NIST Senior Privacy Policy Advisor Naomi Lefkovitz explained how the framework can help agencies navigate their use of technologies.

“Getting privacy right will underpin the use of technologies in the future, including AI and biometrics, quantum computing, the 'internet of things' and personalized medicine,” said Copan at the event hosted by the Center for Strategic and International Studies. “These technologies will be a big part of our future. According to one industry estimate, the biometrics market alone will be worth more than $59 billion by 2025.”

The framework, released in January, calls for the use of enterprise risk management to identify and combat privacy concerns. The framework attempts to provide a “common language for understanding, managing, and communicating privacy risk with internal and external stakeholders” so it can be used across agencies and in the private sector. The framework also helps agencies and organizations take this a step further and apply those principles within their office to prevent privacy abuse before it occurs.

“We actively put in things like ‘establish privacy values, but not only establish them, because lots of companies talk about privacy values, and then you look at their products and you’re like, ‘what happened?' Have privacy values — now have processes to embed your privacy values in your products. It’s that kind of process ... that is so critical,” Lefkovitz said. “Having that risk-based discussion furthers that [perspective]. It keeps organizations focused on actually innovating on their privacy solutions.”

The framework is meant to be a “living document,” with the NIST representatives stressing that this release is only version 1.0. The framework landing page on NIST explains that the agency will spend the next year engaging with stakeholders in various ways, including “industry conferences and other outreach activities such as webinars and workshops to promote use of the Framework, the sharing of best practices among stakeholders, and collaboration on addressing the challenges outlined in the Roadmap.”

Stakeholders can learn more about upcoming events here.