National Institute of Standards and Technology (NIST) Request for Information (RFI)

The National Institute of Standards and Technology (NIST) within the U.S. Department of Commerce (DOC) is developing a framework that can be used to improve organizations’ management of privacy risk for individuals arising from the collection, storage, use, and sharing of their information. [1] The NIST Privacy Framework: An Enterprise Risk Management Tool (“Privacy Framework”), is intended for voluntary use and is envisioned to consist of outcomes and approaches that align policy, business, technological, and legal approaches to improve organizations’ management of processes for incorporating privacy protections into products and services. This notice requests information to help identify, understand, refine, and guide development of the Privacy Framework. The Privacy Framework will be developed through a consensus-driven, open, and collaborative process that will include workshops and other opportunities to provide input.

  • Comments in response to this notice must be received by 5:00 p.m. Eastern time on December 31, 2018.
  • Electronic submissions may be sent to privacyframework@nist.gov, and may be in any of the following formats: HTML, ASCII, Word, RTF, or PDF. Please cite “Developing a Privacy Framework” in all correspondence.
  • Written comments may be submitted by mail to Katie MacFarland, National Institute of Standards and Technology, 100 Bureau Drive, Stop 2000.
  • Comments received by the deadline will be posted here without change or redaction, so commenters should not include information they do not wish to be posted (e.g., personal or confidential business information).
  • Advocacy contact: Acting Chief Counsel Major Clark at (202) 205-7150.