WASHINGTON – As the National Institute of Standards and Technology (NIST) advances in its effort to create a privacy framework, ITI, the global voice of the tech sector, applauded its commitment to an approach that is consensus-driven, transparent, and interoperable. In comments submitted to NIST’s “Developing a Privacy Framework” Request for Information this week, ITI commended the agency’s collaborative effort to advance a framework to help organizations protect data and better identify, assess, manage, and communicate privacy risks.
“Consumer trust is a key pillar of innovation, and our industry must do everything it can to deepen that trust and meet our customers’ expectations when it comes to protecting their privacy and personal data,” said John Miller, vice president of policy and law. “Americans and individuals across the globe should know that their data will be used fairly, responsibly, and transparently. NIST’s effort is an important step toward developing effective and consistent guidance that helps organizations better manage privacy risks while fostering customer trust in products and services in an increasingly connected and complex technology environment. We appreciate NIST’s collaborative and inclusive approach to developing a Privacy Framework, which like the Cybersecurity Framework before it, can serve as common risk management tool to help organizations better manage privacy risks and more effectively implement rapidly evolving laws and regulations..”
In its comments, ITI encouraged NIST to develop a “roadmap” in conjunction with the Privacy Framework to identify key areas where additional work to develop and build consensus around privacy standards and best practices is necessary, similar to NIST’s lauded Cybersecurity Framework. Among its other recommendations, ITI advises NIST to develop a product that can:
- Provide a common and accessible language for identifying, assessing, managing and communicating privacy risks;
- Aid organizations in implementing the protections outlined in ITI’s privacy framework, including concepts such as transparency, control, reasonable minimization, security, access and correction, risk management, and accountability;.
- Serve as a tool for organizing and synthesizing other standards, frameworks, models, methodologies, tools, guidelines, best practices, and principles that organizations are using to identify, assess, manage, and communicate privacy risk at the management, operational, and technical levels.
- Offer a mutually interoperable model and best practices that enables companies to demonstrate their compliance with multiple national privacy obligations through a single, streamlined internal privacy risk management approach.
On behalf of the tech industry, ITI has been leading and pushing for federal privacy legislation. ITI’s comments follow the release of its own privacy framework, which provides a legislative roadmap that advances the privacy rights of consumers and defines the responsibilities of companies in using personal data while continuing to enable the innovations that transform people’s lives.