New tool from NIST aids in managing privacy
The National Institute of Standards and Technology has released an initial framework that offers a set of privacy protection strategies for health organizations and other entities who want to improve their approach to using and protecting personal data.
The tool was created in a collaboration between NIST—which promotes innovation and industrial competitiveness—and multiple stakeholders across industries.
The NIST privacy framework offers privacy protection strategies to aid entities in using and protecting personal data. “Privacy is more important than ever in today’s digital age,” says Walter Copan, the Undersecretary of Commerce for Standards and Technology.
“Strong support for the framework highlights the need for tools to help organizations build products and services while protecting the privacy of individuals and providing real value,” he adds.
Because personal data can include Social Security numbers, addresses and other sensitive information that could identify the persons giving the information, frequent action is necessary to insure data is not used to embarrass, endanger or comprise consumers, according to NIST.
The framework is not a law or regulation, but a tool to help healthcare entities and others to manage privacy risk arising from their products and services.
A class of personal data considered to be of low value now may have new use in a couple of years, explains Naomi Lefkovitz, a senior policy advisor at NIST. The organization expects to continue building out the privacy framework.
Presently, the framework has three pillars. The Core offers a set of privacy protection activities, Profiles help determine which Core activities an organization should focus on to effectively reach goals, and Implementation Tiers, which aid in optimizing resources dedicated to managing privacy risks.
“What you’ll find in the framework are building blocks that can help you achieve your privacy goals, which may include laws your organization needs to follow,” Lefkovitz adds. “We designed the framework to be agnostic to any law so it can assist no matter what your goals are. If you want to consider how to increase customer trust through more privacy-protective products or services, the framework can help you do that.”