Personnel from the Federal Trade Commission released their recommendations onÂ the National Institute of Standards and Technologyâs draft guidelines for helping organizations manage their privacy risks.
FTC said Thursday its staff are calling on NIST to put more focus on the need to address privacy breach risks at each step under the “Preliminary Draft for Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management”.
Staff also request NIST to clarify procedures for privacy risk management based on data sensitivity and âconsider including a more robust discussionâ on companiesâ efforts to ensure that their public-facing statements align with data privacy practices.
They also called on NIST to designate roles responsible for the development and execution of an entityâs privacy program and highlight the need to conduct comprehensive risk assessments before identifying privacy controls to be implemented.
According to FTC, its staff âcommended NIST for proposing a voluntary tool aimed at helping organizations start a dialogue about managing privacy risks within their organizations.â