Law.com reported that with the January 16, 2020 release version 1.0 of the NIST Privacy Framework, NIST (National Institute of Standards and Technology) ”… joins a chorus of advocates calling for companies to thoroughly understand its collection and storage of personal information.” The January 24, 2020 report entitled “Companies Won't Find a Universal Privacy Framework With New NIST Release” about the NIST Privacy Framework which follows the structure of the 2018 NIST Framework for Improving Critical Infrastructure Cybersecurity, and included these comments from Naomi Lefkovitz (the Framework’s privacy lead) about the Privacy Framework:
…described it as “building blocks” to develop privacy, consumer trust and demonstrate how a company is meeting compliance regulations.
…this framework was needed to encourage a holistic, ongoing approach to privacy, instead of a rigid, linear process that may not fully address all privacy concerns.
I think we’ve seen with some of the approaches to privacy is the checklist approach with transparency principles where I put out a privacy notice that it turns out no one reads but I check the box on transparency,…
If no one is reading it, what privacy are they gaining? Are they effective solutions?
To be sure, while the suggested framework isn’t necessarily game-changing, it is a welcomed assistance to help companies better understand and mitigate their risk.
Privacy is something of a mess in 2020 between GDPR, CCPA, and other pending state privacy laws! What do you think?