January 17, 2020

WASHINGTON — Today, ITI welcomed the release of the National Institute of Standards and Technology’s (NIST) first version of the Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management (the “Privacy Framework”), a voluntary, consensus-based tool to help companies of all sizes protect consumer data and manage privacy risks.

“NIST’s Privacy Framework offers valuable guidance to organizations seeking to comply with an evolving landscape of privacy laws and regulations both globally and in the United States,” said John Miller, Senior Vice President of Policy and Senior Counsel at ITI. “This framework serves as a lodestar for organizations of all sizes and across industries by providing effective and consistent yet flexible guidance to help them more effectively design privacy into products and services and better manage privacy risks while fostering customer trust in an increasingly data-driven world. We also appreciate the consideration given to our recommendations as the Privacy Framework and Privacy Roadmap were being built last year, and look forward to working with NIST as it continues its important work.”

In comments submitted to NIST’s preliminary draft last October, ITI commended NIST’s collaborative effort to advance the framework., and also offered several suggestions for important future work to be included in the privacy roadmap including recommendations on international and regulatory aspects, impacts and alignment, creating an inventory and mapping of global standards and regulations, and re-identification risks. We were pleased to see these items included in the Roadmap NIST published in conjunction with the Privacy Framework. These roadmap items are key areas where additional work can be done to evolve and build consensus around future versions of the Privacy Framework, similar to how NIST’s successful Cybersecurity Framework has been developed.

ITI’s comments followed the release of its own privacy framework, which provides a legislative guide that advances the privacy rights of consumers and defines the responsibilities of companies in using personal data, while continuing to enable innovation.

Public Policy Tags: Cybersecurity