Posted on Friday, September 21, 2018

US Agency Responding to European Privacy Protections

The European Union’s new, rigorous privacy rules, the General Data Protection Regulation (GDPR), continue to wash across the U.S. legal and regulatory landscape and impact U.S.-based government contractors.

The latest to join the movement are our friends at the National Institute of Standards and Technology (“NIST”).  On September 4, 2018, NIST announced plans to develop a voluntary privacy framework as an enterprise risk management tool.   

Privacy rules are important because good cybersecurity doesn’t solve all cyber problems. “While good cybersecurity practices help manage privacy risk by protecting people’s information, privacy risks also can arise from how organizations collect, store, use, and share this information to meet their mission or business objective, as well as how individuals interact with products and services.” (https://www.nist.gov/privacy-framework/about) 

In developing this framework, NIST is thinking ahead. Its privacy framework aims to assist organizations in managing data privacy risks that new technologies are exposing them to, such as artificial intelligence and the “Internet of Things.”  Although these new technologies allow organizations to conduct business more efficiently, their use of data and complex environments pose real dangers to data security.   

NIST’s privacy framework is significant because (1) this new framework is NIST’s own initiative, showing that NIST has possibly overcome its previous reluctance to issue standards outside of the government sector, (2) NIST issued a cybersecurity framework a few years ago which had a significant impact on how cybersecurity is reviewed and measured, which shows that NIST is well-positioned to lead this new privacy framework, and (3) this privacy framework taps into areas more difficult to assess and measure than cybersecurity and where there is less consensus as to norms and standards.

Because privacy protection is critical to all government contractors, Berenzweig Leonard will follow NIST’s progress in developing its framework and update readers on its development. For more information about NIST’s proposed privacy framework, see the NIST Privacy Framework Factsheet posted on the NIST website.

 

Berenzweig Leonard is teaming up with Red Team Consulting for a monthly newsletter featuring upcoming contracts, key protest decisions, legal updates, events, and more. This post was published in the September 2018 Monthly Insights newsletter.

Steve Britt is a Partner at Berenzweig Leonard LLP. Steve leads the firm’s Cybersecurity Law practice and can be reached at SBritt@BerenzweigLaw.com.