Update: NIST Preparing Privacy FrameworkNaomi Lefkovitz, Who's Leading the Project, Describes Its Goals
Building on the success of the NIST Cybersecurity Framework, the National Institute of Standards and Technology is in the early stages of developing a privacy framework. The effort will kick off with a workshop Tuesday in Austin, Texas, explains Naomi Lefkovitz, who is leading the project.
The development of the privacy framework will follow the same model as the cybersecurity framework, Lefkovitz says in an interview with Information Security Media Group.
"The role that NIST took in developing the cybersecurity framework was really a convening role, helping bring together the ideas and concepts of organizations," she says. "We've seen some really successful uptake of the cybersecurity framework, so we can very much aspire to that for the privacy framework."
While recognizing the need for a set of privacy recommendations, Lefkovitz points out that one size does not fit all, so organizations will tailor the eventual NIST privacy framework to meet their needs.
"We would look at this framework as hopefully having a comprehensive set of outcomes, but certainly recognizing that when it comes to privacy and processing of data, that there are a wide range of scenarios," Lefkovitz says. "The goal would be for organizations to find something for themselves in this document, but they don't necessarily have to achieve every outcome because that might not match the kinds of use cases that they have."
The framework, for which compliance will be voluntary, will be developed in the coming months.
In this interview (see audio link below photo), Lefkovitz discusses:
- The motivation for NIST to undertake this initiative;
- The intended outcomes;
- Whether the framework could influence the development of a nationwide privacy regulation along the lines of the European Union's General Data Protection Regulation.