NIST developing a Privacy Risk Management Framework: requests comments

Published: Wednesday, 03 June 2015 07:08

To better anticipate and address the impacts that innovations in cloud computing, big data and cyber-physical systems can have on privacy in federal information systems, the US National Institute of Standards and Technology (NIST) has drafted a document that lays out a framework for privacy risk management. NIST is asking for public comment on the draft framework.

The Privacy Risk Management Framework will provide a common vocabulary, objectives to facilitate privacy engineering, and a risk model for assessing privacy risk in information systems. The privacy risk model aims to provide a repeatable and measurable method for addressing privacy risk in information systems.

In developing the draft Framework, NIST sought the perspectives and experiences of privacy experts across a variety of sectors in an open and transparent process that included workshops, public comment periods and various other outreach activities.

Read the full draft document on the NIST website and submit comments to privacyeng@nist.gov using the format provided. Comments will be posted publicly and will be used to refine the framework. The public comment closes July 13, 2015, at 5 pm Eastern time.