Cybersecurity

Federal agency to establish privacy framework

The National Institute of Standards and Technology (NIST) announced Tuesday that it will begin to create a framework to guide organizations on how they can protect the information of individuals using their products or services.

The non-regulatory agency, responsible for setting scientific standards and housed in the Commerce Department, said in a release that the privacy framework would be based off the framework it previously established for cybersecurity issues.

“Consumers’ privacy expectations are evolving at the same time that there are multiplying visions inside and outside the U.S. about how to address privacy challenges,” Naomi Lefkovitz, NIST senior privacy policy advisor and lead for the project, said in the release.

{mosads}“NIST’s goal is to develop a framework that will bridge the gaps between privacy professionals and senior executives so that organizations can respond effectively to these challenges without stifling innovation.”

NIST has created a cybersecurity framework for both public and private groups, and regularly updates the guidance.

The agency said in the release that it will hold a public workshop on Oct. 16 in Austin, Texas around the time of the International Association of Privacy Professionals’ “Privacy. Security. Risk. 2018” conference, to start getting feedback on what should be included in the framework.

“While good cybersecurity practices help manage privacy risk by protecting people’s information, privacy risks also can arise from how organizations collect, store, use, and share this information to meet their mission or business objective, as well as how individuals interact with products and services,” a NIST factsheet on the project states.

Privacy concerns were amplified earlier this year after it was revealed that Cambridge Analytica had improperly obtained the private information of more than 87 million Facebook users, sparking concerns over the company’s privacy practices.

The social media giant and other tech companies have since promised to tighten their efforts on protecting users’ private data.