The National Institute of Standards and Technology (NIST) has published a guide to privacy best practices, "Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management."
The idea is to continue to get the benefits of data collection while mitigating the privacy risks while avoiding a one-size-fits-all approach, an approach which deregulatory types often associate with "heavy handed" government regulation.
Related: Commerce Releases Suspect Tech-Vetting Framework
The self-regulatory framework has no force of law and is not binding on anyone. Instead, it is meant to be a tool for privacy-by-design practices that put privacy risks on the same level as other risks and is meant to work in concert with the "Framework for Improving Critical Infrastructure."
Related: Ad Groups Form Privacy Coalition
It is billed as supporting:
• "Building customers’ trust by supporting ethical decision-making in product and service design or
deployment that optimizes beneficial uses of data while minimizing adverse consequences for individuals’ privacy and society as a whole;1
• "Fulfilling current compliance obligations, as well as future-proofing products and services to meet these obligations in a changing technological and policy environment; and
• "Facilitating communication about privacy practices with individuals, business partners, assessors, and regulators."
NIST says the framework was the handiwork of public and private stakeholders and the product of three workshops, requests for into and comment, five webinars and hundreds of stakeholder meetings.
