In the absence of federal privacy legislation, NIST’s new Privacy Framework offers companies a comprehensive governmental benchmark to help shape and improve their privacy programs. In this second installment of our series, we share insights from our interview with NIST’s senior policy advisor about how companies might use the Framework and NIST’s plan to augment it in coming months. The article also contains advice from privacy practitioners at Robinson+Cole, Privacy Ref, Nationwide Insurance and the IAPP about using the Framework for assessing privacy risks and challenges for using it. Part One
examined the link between NIST’s new Privacy Framework and its cybersecurity predecessor, its potential for aiding discussions between regulators and companies, its structure and aims, and how it compares to existing privacy frameworks. See “Eleven Key Components of an Effective Privacy Program
” (Feb. 26, 2020).