With issues around the collection and handling of personal data becoming the focus of increased scrutiny among regulators, policymakers, and consumers, interest has continued to grow among organizations to better understand and address privacy risk. Seeking to support innovation in the market and to accommodate the increasingly global nature of data processing ecosystems, the National Institute of Standards and Technology (“NIST”) released Version 1.0 of the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (“NIST Privacy Framework”) on January 16, 2020. The recent publication aims to outline an adaptable approach to privacy risk for organizations of all sizes by providing a “framework for privacy management, not just a checklist of tasks.”
The NIST Privacy Framework is a voluntary tool intended to assist organizations in managing privacy risks that may arise due to system, product, or service operations that involve personal data, or in connection to new regulatory regimes such as the California Consumer Privacy Act (“CCPA”) and the European Union’s General Data Protection Regulation (“GDPR”). As noted in the Executive Summary, the NIST Privacy Framework is intended to “enable better privacy engineering practices that support privacy by design concepts and help organizations protect individuals’ privacy.” Notably, the Federal Trade Commission (“FTC”), recognized by many as the U.S. government’s top privacy watchdog, had applauded the preliminary draft of the NIST Privacy Framework in Fall 2019 – indicating that the finalized publication could potentially serve as a credible benchmark for organizations seeking to address privacy risk across the data processing lifecycle.
The growing network of internet of things (IoT) devices is expected to reach 30 billion devices by 2020. Despite this tremendous growth, the state of IoT regulation is patchwork at best. Although the FTC is the primary security regulator for consumer IoT devices, there are no comprehensive regulations or laws specific to the unique challenges of the IoT market. This absence of clear and unambiguous standards can be a burden for IoT companies who are looking to innovate while maintaining their customers’ privacy.
The National Institute of Standards & Technology (NIST) has issued a revised draft version of its Cybersecurity Framework. The document is issued as “Version 1.1” of the existing framework, redlined to show changes from the original framework issued almost three years ago. It is a draft, seeking comment. No period for public comment is specified, except that NIST expects to hold a public workshop on the revised draft “around the fall of 2017.”
On August 10, 2016, the National Institute of Standards and Technology (“NIST”) issued a notice requesting public comment on the current and future state of cybersecurity in the digital economy. The Request for Information (“RFI”) will serve to facilitate the work of the Commission on Enhancing National Cybersecurity (“CENC”) in delivering detailed cybersecurity recommendations for the public and private sectors pursuant to Executive Order 13718. The February 2016 Executive Order created CENC to develop a plan of action for the next decade to strengthen cybersecurity in the public and private sectors and reinforce partnerships between federal, state and local governments and the private sector. The Executive Order directs the Commission and the Secretary of Commerce to work with NIST to carry out its mission.