Alan Calder, founder and executive chairman of IT Governance USA, submitted a response to “NIST Privacy Framework: An Enterprise Risk Management Tool” via a Request for Information (RFI).
Calder said NIST should consider the following:
Risk-based assessment model
Balance business impact with consumers’ privacy interests
Flexible approach to allow corporate scale
NIST is developing a Privacy Framework to pair with its Cybersecurity Framework. In its RFI, NIST said it envisions that the Privacy Framework will be a voluntary tool for organizations to better identify, assess, manage, and communicate privacy risks so that individuals can enjoy the benefits of innovative technologies with greater confidence and trust.
The RFI solicits information regarding organizational considerations for privacy risk management, the structure of the Privacy Framework, and specific privacy practices to be included. The RFI responses will inform the development of an outline of the framework that is anticipated to be issued in early 2019.