NIST Kicks Off Development of the Privacy Framework Workshop in Austin
NIST hosted a workshop in Austin, Texas on October 16, 2018,launching the process to create a Privacy Framework. The workshop brought together a diverse group of tech industry leaders, government officials, and research and consulting experts to brainstorm on the organization and content of the Privacy Framework. I attended on behalf of Wiley Rein’s Privacy & Security Practice.
Similar to NIST’s Cybersecurity Framework, NIST envisions this Framework will be created from a collaborative open process. While the Framework is still in a nascent phase of development, what I heard from participants at the workshop is that they were in general agreement that the Privacy Framework should be a tool to manage risk, not a compliance checklist. Likewise, participants seemed to find consensus on the point that data must be treated as an asset and managed accordingly—with thoughtful consideration of how treatment of data should evolve throughout the life cycle of that data. Participants shared diverging views of how to evaluate harm that may result from the use of data. NIST suggested that there were business reasons to address privacy problems or concerns that may not rise to the level of a legally cognizable harm. However, business leaders suggested that the Privacy Framework should focus on the positive use of data (such as innovation) rather than negative outcomes (such as harm).
NIST will make a recording of the Workshop and a summary available in the next couple of weeks. NIST is actively encouraging interested parties to share their thoughts and recommendations with NIST as it moves forward with this process. NIST will host a Question and Answer session about the Privacy Framework on November 29, 2018. It anticipates hosting a second workshop in early 2019.
The privacy and security team at Wiley Rein has been actively involved in NIST’s efforts for years. NIST’s work has been expanding into privacy in several areas, affecting organizational management and product development. We are helping clients inform federal policy and comment on this and other privacy efforts ongoing at the federal level. If you’d like to engage with NIST in this important effort, please contact our team.