NIST issues draft framework to help organizations manage data privacy risk

The Department of Commerce’s National Institute of Standards and Technology this week released for comment a draft framework to help organizations that deliver or use data processing systems, products or services manage privacy risk. The draft framework aligns with NIST’s framework for reducing cybersecurity risks to the nation’s critical infrastructure, which includes health care and public health. NIST seeks feedback on whether the draft framework could be readily used as part of an organization’s risk management processes.