National Institute of Standards and Technology (NIST) Director Walter Copan announced Feb. 19 that, just one month after the version 1.0 release of the agency’s privacy framework, NIST is already working on a privacy guide for small- and medium-sized businesses.
NIST is ready to begin reaching out to innovative, smaller companies to get a sense of how a privacy framework can help them, he said. A framework tailored to the needs of small and medium businesses will help them build in privacy and security from the get-go. Copan did not reveal a timeline for the framework.
“Despite the spring to get to this point, we are truly only at the beginning of our privacy framework journey,” Copan said at the Center for Strategic and International Studies’ Conversation on the NIST Privacy Framework.
NIST Privacy Framework 1.0 has been open for public comment since January, and the agency is already working on improvements, such as adding information on deidentification and privacy risk assessment approaches. NIST is also revising a fifth version of Special Publication 800-53 to integrate privacy controls into security.
“In our cybersecurity and privacy work, we find it’s best to keep an open mind to possible solutions and approach each task with respect for all stakeholders,” he said. “We consult early and often with public and private sectors because we know we need their input.”
Copan explained that NIST designed its privacy framework to help organizations build privacy outcomes that meet their obligations to customers, boards, and regulators. NIST is not a lawmaking body, but the director hopes that its framework shapes organizations’ approach to consumer privacy.
Naomi Lefkovitz, senior privacy policy advisor, added, “We have this opportunity now to chart a course on privacy that can impact people and societies around the world for many years to come.”