The Department of Commerce’s National Institute of Standards and Technology (“NIST”) has released Version 1.0 of its Privacy Framework. This voluntary framework aims to provide organizations with strategies to improve their privacy practices, build customer trust, and fulfill compliance obligations. It is designed to be flexible and non-prescriptive, allowing public and private organizations of all sizes to adapt the framework to their own goals and priorities.
NIST announced its intention to develop this tool in September 2018, and spent the following year collaborating with stakeholders – including corporations, governments, academics, industry groups, and non-profits – to create a draft. It released a preliminary draft of the framework in September 2019, soliciting comments that were used to create Version 1.0.
The Privacy Framework comes at a time of significant change for organizations endeavoring to manage their privacy risk. Federal, state, and local governments around the world are issuing first-of-their-kind privacy laws, with more on the horizon, as we have written about here, here, here, here, and here. This patchwork of untested laws increases the challenge of privacy compliance in the U.S. and abroad.
Continue Reading NIST Releases Version 1.0 of its Privacy Framework