FTC Suggests Privacy Lead for Companies in Comments to NIST
Companies should put an individual or group in charge of creating and maintaining a privacy program, the FTC told the National Institute of Standards and Technology Thursday, at the deadline for comments on NIST’s effort to develop a “voluntary privacy…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
framework” for companies (see 1909090061). In a 5-0 vote, the FTC recommended “a comprehensive risk assessment as a necessary first step before making decisions about which privacy controls should be implemented.” The agency also recommended NIST “consider including a more robust discussion” about ensuring consumers understand company data privacy practices, “including reviewing whether a company’s actual data practices align with consumer expectations and public-facing statements.” Microsoft urged NIST to include informative references to help “address interoperability requirements with other privacy regimes around the world.” The company’s previous response recommended the framework be interoperable with other global approaches, forward-looking and risk-based and outcome-focused. The Software & Information Industry Association suggested the framework be adaptable “to help companies execute and record compliance programs for diverse data privacy laws and regulations -- a vital feature due to the evolving privacy regulatory landscape in the United States and globally.”