NIST’s Next Framework Focuses on Protecting Consumers’ Privacy


The Commerce Department agency will begin gathering feedback for a privacy framework at a Texas conference in October.

The Commerce Department division that developed a 2014 cybersecurity framework for industry will begin work on a privacy framework to help companies protect the personal information of customers and employees.

The National Institute of Standards and Technology, or NIST, will be gathering public feedback for the effort beginning with an Oct. 16 public workshop in Austin, Texas, according to a news release.

That workshop will be held alongside an annual meeting of the International Association of Privacy Professionals, NIST said.

The privacy framework will be modeled on the process of public meetings and feedback mechanisms NIST used to develop its cybersecurity framework, the institute said in a fact sheet.

Like the cybersecurity framework, the NIST privacy framework will be entirely voluntary for companies.

The cybersecurity framework is now used by about 30 percent of companies according to research by the consulting firm Gartner. The framework is mandatory for federal agencies following a 2017 executive order by President Donald Trump.

Where the cyber framework focused on information security best practices and controlling who could access information, the privacy framework will focus on privacy risks that “arise from how organizations collect, store, use, and share this information to meet their mission or business objective[s],” according to the fact sheet.

The framework will also address information collected when customers interact with products and services, the fact sheet states. Those concerns have grown substantially as more household and personal devices are connected to the internet.

The broad goal for the privacy effort will be to settle on a common language about privacy controls so that top executives and privacy professionals can more easily understand each other and better balance privacy and innovation, NIST Senior Privacy Policy Advisor Naomi Lefkovitz said in a statement.

“We want to gather the best ideas from many stakeholders so that the privacy framework tool we develop is useful and effective for a wide range of organizations,” said Lefkovitz, who will be leading the project for NIST.

In a parallel effort, Commerce’s National Telecommunications and Information Administration and International Trade Administration are developing legal and policy guidance for consumer privacy, NIST said.