Preliminary Draft of the NIST Privacy Framework
| Published date | 09 September 2019 |
| Citation | 84 FR 47255 |
| Record Number | 2019-19315 |
| Section | Notices |
| Court | National Institute Of Standards And Technology |
Federal Register, Volume 84 Issue 174 (Monday, September 9, 2019)
[Federal Register Volume 84, Number 174 (Monday, September 9, 2019)]
[Notices]
[Pages 47255-47256]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-19315]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
Preliminary Draft of the NIST Privacy Framework
AGENCY: National Institute of Standards and Technology, U.S. Department
of Commerce.
ACTION: Notice; request for comment.
-----------------------------------------------------------------------
SUMMARY: The National Institute of Standards and Technology (NIST)
seeks comments on the Preliminary Draft of the NIST Privacy Framework:
A Tool for Improving Privacy through Enterprise Risk Management
(``Preliminary Draft''). The Preliminary Draft was developed by NIST
using information collected through the Request for Information (RFI)
that was published in the Federal Register on November 14, 2018, and a
series of open public workshops and webinars. NIST developed the
Preliminary Draft in collaboration with public and private
stakeholders. It is intended for voluntary use to help organizations:
Better identify, assess, manage, and communicate privacy risks when
designing or deploying systems, products, and services; foster the
development of innovative approaches to protecting individuals'
privacy; and increase trust in systems, products, and
[[Page 47256]]
services. The Preliminary Draft is available electronically from the
NIST website at: https://www.nist.gov/privacy-framework.
DATES: Comments in response to this notice must be received by 5:00
p.m. Eastern time on October 24, 2019.
ADDRESSES: Written comments may be submitted by mail to Katie
MacFarland, National Institute of Standards and Technology, 100 Bureau
Drive, Stop 2000, Gaithersburg, MD 20899. Electronic submissions may be
sent to [email protected], and may be in any of the following
formats: HTML, ASCII, Word, RTF, or PDF. Please cite ``NIST Privacy
Framework: Preliminary Draft Comments'' in all correspondence. An
optional comment template is available at https://www.nist.gov/privacy-framework and is encouraged for both written and electronic comments.
Relevant comments received by the deadline will be posted at https://www.nist.gov/privacy-framework without change or redaction, so
commenters should not include information they do not wish to be posted
(e.g., personal or confidential business information). Comments that
contain profanity, vulgarity, threats, or other inappropriate language
or content will not be posted or considered.
The Preliminary Draft is available electronically from the NIST
website at: https://www.nist.gov/privacy-framework.
FOR FURTHER INFORMATION CONTACT: For questions about this notice,
contact: Naomi Lefkovitz, U.S. Department of Commerce, NIST, MS 2000,
100 Bureau Drive, Gaithersburg, MD 20899, telephone (301) 975-2924,
email [email protected]. Please direct media inquiries to
NIST's Public Affairs Office at (301) 975-NIST.
SUPPLEMENTARY INFORMATION: For more than two decades, the internet and
associated information technologies have driven unprecedented
innovation, economic value, and improvement in social services. Many of
these benefits are fueled by data about individuals that flow through a
complex ecosystem. As a result of this complexity, individuals may not
understand the potential consequences for their privacy as they
interact with systems, products, and services. At the same time,
organizations may not realize the full extent of these consequences for
individuals, for society, or for their enterprises, which can affect
their reputations, their bottom line, and their future prospects for
growth. In response to these risks, and in order to further
technological innovation and increase trust in information systems,
NIST has undertaken development of the voluntary NIST Privacy
Framework: A Tool for Improving Privacy through Enterprise Risk
Management.
The Preliminary Draft, as presented, is intended to provide an
organizational tool for:
Building customer trust by supporting ethical decision-
making in product and service design or deployment that optimizes
beneficial uses of data while minimizing adverse consequences for
individuals' privacy and society as a whole;
Helping to fulfill current compliance obligations, as well
as future-proofing products and services in a changing technological
and policy environment; and
Facilitating communication about privacy practices with
customers, assessors, and regulators.
It is designed to enable organizations to manage privacy risks
through a prioritized, flexible, outcome-based, and cost-effective
approach that is compatible with existing legal and regulatory regimes
in order to be most useful to a broad range of organizations and enable
widespread adoption. It is modeled after the structure of the Framework
for Improving Critical Infrastructure Cybersecurity to facilitate the
complementary use of both frameworks.\1\
---------------------------------------------------------------------------
\1\ National Institute of Standards and Technology (2018)
Framework for Improving Critical Infrastructure Cybersecurity,
Version 1.1. (National Institute of Standards and Technology,
Gaithersburg, MD), https://doi.org/10.6028/NIST.CSWP.04162018.
---------------------------------------------------------------------------
The Preliminary Draft was developed through a public review and
comment process that included information collected through a Request
for Information (RFI), 83 FR 56824 (November 14, 2018), and a series of
public workshops and webinars. Comments received in response to the RFI
are available at https://www.nist.gov/privacy-framework/request-information.
NIST held three open public workshops and four webinars to provide
the public with additional opportunities to provide input. The first
workshop was conducted on October 16, 2018, in Austin, Texas. The
second workshop was conducted on May 13-14, 2019 at the Georgia
Institute of Technology Scheller College of Business in Atlanta,
Georgia. The third workshop was conducted on July 8-9, 2019, at the
Boise State University School of Public Service in Boise, Idaho. The
four webinars were held on November 29, 2018; March 14, 2019; May 28,
2019; and June 27, 2019. In addition, NIST provided materials on its
website to aid in the development process. These materials included an
outline (February 2019), a discussion draft (April 2019), and
supplemental materials to the discussion draft (June 2019). These
materials, as well as workshop agendas, presentation slides, and
summary reports, and recordings of workshop plenary sessions and
webinars are available at https://www.nist.gov/privacy-framework.
Request for Comments
NIST seeks public comments on the Preliminary Draft available
electronically from the NIST website at: https://www.nist.gov/privacy-framework. An optional comment template is available at the same
address and is encouraged for both written and electronic comments.
Interested parties should submit comments in accordance with the DATES
and ADDRESSES sections of this notice. Relevant comments received by
the deadline will be posted at https://www.nist.gov/privacy-framework
without change or redaction, so commenters should not include
information they do not wish to be posted (e.g., personal or
confidential business information). Comments that contain profanity
vulgarity, threats, or other inappropriate language or content will not
be posted or considered.
Authority: 15 U.S.C. 272(b), (c), & (e); 15 U.S.C. 278g-3.
Kevin A. Kimball,
Chief of Staff.
[FR Doc. 2019-19315 Filed 9-6-19; 8:45 am]
BILLING CODE 3510-13-P
