Governance & Risk Management , NIST Standards , Privacy

Update: NIST Preparing Privacy Framework

Naomi Lefkovitz, Who's Leading the Project, Describes Its Goals
Update: NIST Preparing Privacy Framework
Naomi Lefkovitz, senior privacy policy adviser, NIST

Building on the success of the NIST Cybersecurity Framework, the National Institute of Standards and Technology is in the early stages of developing a privacy framework. The effort will kick off with a workshop Tuesday in Austin, Texas, explains Naomi Lefkovitz, who is leading the project.

The development of the privacy framework will follow the same model as the cybersecurity framework, Lefkovitz says in an interview with Information Security Media Group.

"The role that NIST took in developing the cybersecurity framework was really a convening role, helping bring together the ideas and concepts of organizations," she says. "We've seen some really successful uptake of the cybersecurity framework, so we can very much aspire to that for the privacy framework."

While recognizing the need for a set of privacy recommendations, Lefkovitz points out that one size does not fit all, so organizations will tailor the eventual NIST privacy framework to meet their needs.

"We would look at this framework as hopefully having a comprehensive set of outcomes, but certainly recognizing that when it comes to privacy and processing of data, that there are a wide range of scenarios," Lefkovitz says. "The goal would be for organizations to find something for themselves in this document, but they don't necessarily have to achieve every outcome because that might not match the kinds of use cases that they have."

The framework, for which compliance will be voluntary, will be developed in the coming months.

In this interview (see audio link below photo), Lefkovitz discusses:

  • The motivation for NIST to undertake this initiative;
  • The intended outcomes;
  • Whether the framework could influence the development of a nationwide privacy regulation along the lines of the European Union's General Data Protection Regulation.

Lefkovitz is the senior privacy policy adviser at NIST's information technology lab. She leads the privacy engineering program, which focuses on developing privacy risk management processes and integrating solutions for protecting individuals' privacy into information technologies, including digital identity services, IoT, smart cities, big data, mobile technologies and artificial intelligence.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.