NIST Announces Privacy Framework Effort

On September 4, 2018, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) announced the start of a collaborative project to develop a voluntary privacy framework to help organizations manage privacy related risk. The envisioned privacy framework will provide an enterprise-level approach to help organizations prioritize strategies for “flexible and effective privacy protection solutions so that individuals can enjoy the benefits of innovative technologies with greater confidence and trust.” Parallel with this effort, the U.S. Department of Commerce’s National Telecommunications and Information Administration is developing a domestic legal and policy approach for consumer privacy in coordination with the department’s International Trade Administration.

NIST kicked off the privacy framework effort with a public workshop on October 16, 2018 in Austin, Texas held in conjunction with the International Association of Privacy Professionals’ Privacy, Security, Risk 2018 conference. NIST will be holding a live webinar and Q&A session on the privacy framework on November 29, 2018.

NIST is a non-regulatory federal agency within the U.S. Department of Commerce whose mission is to “promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.”  NIST is perhaps most well known for its 2014 Cybersecurity Framework, which has been widely adopted by private and public enterprises to manage against cybersecurity risk. Previous posts addressed NIST’s prior efforts at issuing new maritime cybersecurity rules, focus on Internet of Things technology, and update to its 2014 Cybersecurity Framework.

The adoption of a privacy framework by NIST will have a significant impact on business. It will also represent a welcome effort in light of the rapidly changing privacy frameworks facing industry, including the European Union’s General Data Protection Regulation (GDPR) and California’s new Privacy Law  (which we analyze here) going into effect January 1, 2020.

Dentons is the world’s largest law firm, a leader on the Acritas Global Elite Brand Index, a BTI Client Service 30 Award winner, and recognized by prominent business and legal publications for its innovations in client service, including founding Nextlaw Labs and the Nextlaw Global Referral NetworkThe Dentons Privacy and Cybersecurity Group operates at the intersection of technology and law, and has been singled out as one of the law firms best at cybersecurity by corporate counsel, according to BTI Consulting Group.