The U.S. Department of Commerce, National Institute of Standards and Technology (NIST) recently released a Request for Information (RFI) on the NIST Privacy Framework. NIST hosted a webinar on November 29 to provide an overview of the process in developing the voluntary framework.

Why does this matter to companies working at the intersection of retail, luxury and technology? The NIST Privacy Framework is intended to serve as a tool for organizations to better manage privacy risk arising from the collection, storage and use of individuals’ personal information. As designers and retailers look for innovative ways to to stay connected and responsive to customers, data has tremendous value for both brands and consumers — with the appropriate safeguards in place. However, even when an organization has implemented effective cybersecurity practices to help secure data from unauthorized systems, privacy risks may still arise from the authorized collection of personal data.

What are the main topics covered in NIST’s RFI? NIST has requested input on several issues related to developing a Privacy Framework, including: how organizations define and assess privacy risk; the role of national/international standards; how the Privacy Framework could be developed to advance the recruitment and retention of privacy professionals; and how to best structure the Privacy Framework.

What is NIST’s timeframe for the Privacy Framework? NIST plans to release the framework outline in early 2019. Public comments are due to NIST by December 31, 2018, 5 pm ET.

Additional information on the NIST Privacy Framework can be found here.

 

Stay In The Know

with the Washington Watch newsletter

Privacy Policy