Internet, Telecom Groups Raise Four Issues on NIST Draft on Privacy Risk Management
The National Institute of Standards and Technology's (NIST) draft on Internal Report 8062 negatively affects the private sector, 12 Internet and telecom groups wrote in a joint comment to NIST Thursday. “We appreciate NIST’s recognition of the importance of privacy…
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
engineering and the use of technological approaches to minimize privacy risks and to implement a ‘privacy by design’ approach,” wrote the groups, which included CTIA, The Internet Association and USTelecom. But four issues with the draft caught the attention of the groups. “As written, the draft NISTIR extends beyond its intended scope of being limited to federal information systems and its potential applicability to the private sector is concerning,” the groups said. “The catalog of privacy problems set forth in the draft NISTIR includes subjective ‘problems’ that result in premature policy-making on privacy"; “the risk management methodology cannot produce repeatable and measurable results because it relies on subjective determinations"; and “the draft NISTIR omits an integral component of privacy risk assessments, namely a discussion of the benefits of taking a certain data action,” they said.