Federal Trade Commission staff submitted a comment on the National Institute of Standards and Technology’s (NIST) Preliminary Draft for Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management.
In the comment, staff of the FTC’s Bureau of Consumer Protection commended NIST for proposing a voluntary tool aimed at helping organizations start a dialogue about managing privacy risks within their organizations. The comment suggested five changes to the Framework.
First, staff called for greater attention to the need to address the risk of privacy breaches at each step of the Draft Privacy Framework. Second, staff recommended that the Framework clarify that procedures for managing privacy risks should account for the sensitivity of the information. Third, staff recommended that NIST consider including a more robust discussion of the analysis that companies should undertake to ensure that consumers understand a company’s data privacy practices, including reviewing whether a company’s actual data practices align with consumer expectations and public-facing statements. Fourth, staff suggested that the Framework include the designation of one or more specific individuals to be in charge of creating, implementing, and maintaining an organization’s privacy program. Finally, staff recommended that the Framework highlight the importance of conducting a comprehensive risk assessment as a necessary first step before making decisions about which privacy controls should be implemented.
The Commission voted 5-0 to authorize staff to submit the comment to NIST.
The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs, and subscribe to press releases for the latest FTC news and resources.
Juliana Gruenwald Henderson
Office of Public Affairs