February 24, 2021
While its guidance is voluntary, businesses would be well advised to follow NIST's lead, as it has become the gold standard for general Privacy and Data Security compliance in the United States.
Whether business leaders want to keep their regulators unconcerned, their clients happy, or their brand strong with regard to Privacy and Data Security, they'll need to know about NIST's new focuses.
NIST's first priority will be enhancing risk management, and there is a reason this is likely first: there is expected to be a lot of action in this space in 2021 based on recent events. NIST calling attention to enhancing risk management follows John Katko's, Ranking Member of the House of Representatives Homeland Security Committee, call to revamp federal procurement and the government's approach to cybersecurity in the wake of the foreign espionage activity that breached government systems via a third party software provider serving as part of the federal government's overall technology supply chain. Another separate but similar breach has also been discoveredthis one likely orchestrated by malicious actors associated with a different foreign government.
Recognizing the political appetite for supply chain risk reforms and the necessity to avoid such cybersecurity breaches in the future, NIST is opening its Cybersecurity Framework for public comment and is proposing revisions to its Supply Chain Risk Management in Federal Information Systems and Organizations publication.
Businesses that participate (or want to participate) in procurement contracts with the United States Government should be proactive in both commenting on the NIST Cybersecurity Framework and begin adjusting and aligning their technology supply chain operations to NIST standards.
NIST will also be redoubling their focus on Privacy. In 2020, NIST published its Privacy Framework to complement and supplement the NIST Cybersecurity Framework. While the Cybersecurity Framework sets standards to prevent unauthorized access to information, the Privacy Framework addresses standards for the appropriate use and processing of that information. NIST recently released a crosswalk between the Privacy Framework and the California Consumer Protection Act.
The NIST Privacy Framework, like the Cybersecurity Framework, provides voluntary, self-regulatory suggestions and guidance regarding Privacy and Data Security. However, notably, the guidance is increasingly being incorporated into corporate contracts and other laws (e.g., the Federal Trade Commission looking favorably on the Cybersecurity Framework when assessing whether an organization had unreasonably weak cybersecurity protections).
NIST plans to further strengthen cryptographic standards and validation, our everyday encryption technology. These standards are incredibly important as they ensure the protection of valuable information and can, in most instances, help avoid triggering the notification requirements under most state data breach statutes.
NIST will also focus on cybersecurity awareness, training, and education. This is crucially important and one of the areas that can lead to significant liability and public relations disasters when not handled correctly. An example is the Equifax hack in 2017 that affected the sensitive personal data of individuals spanning multiple countries. Nearly half of the total US population was affected, and the total cost of the breach was over $1.7 billion. The causeaccording to the (former) CEO of Equifax when testifying before Congressof Equifax's security program failing was an individual employee in the technology department failing to "heed security warnings." This is an extreme example, but it puts a spotlight on the danger of employeeswhether from ignorance or malicenot acting in compliance with the business's Privacy and Data Security Policies.
Following NIST's advancements in cybersecurity awareness, training, education, and workforce development will likely weigh heavily in favor of allowing a business to mitigate and minimize potential legal repercussions while also protecting important business and consumer information.
NIST will be improving the metrics and measurements around cybersecurity and privacy. NIST's efforts in these areas will help cross-disciplinary teams "speak the same language" and create a common dialogue that will improve policy compliance. Unfortunately, the silos of business operations can create scenarios in which professionals use similar words, but apply them with different concepts and meanings (e.g., authorized, incident, breach), resulting in inadvertent noncompliance or triggering of legal requirements. The development of these standards can help a business improve efficiency and effectiveness at the enterprise level.
Identity and Access Management will take additional prominence in NIST's guidance given current threats and recent events. Responding to needs felt during the COVID-19 pandemic, NIST will be providing guidance on identity and access management with an emphasis on remote work.
NIST will be focusing on developing methods for determining trustworthy networks and trustworthy platforms. The introduction of the fifth generation of wireless connectivity (5G) and the ever-present and growing Internet of Things industry has accelerated the need for Privacy and Data Security best practices around ascertaining and evaluating a system or platform's trustworthiness.
NIST will continue to focus on providing guidance around securing emerging technologies. Organizations seeking to be at the forefront of technology and proactive in its approach to Privacy and Data Security should start by reviewing the technological challenges catching NIST's attention.
It is important, however, to note that NIST is not the be-all-and-end-all of Privacy and Data Security. Regulated industries, such as Healthcare, Finance, or Education, may have their own sector-specific requirements. State governments each have their own privacy and data security regulations which are not obligated to give deference to NISTthough it is common for them to do sowhich is why NIST standards are so often utilized by businesses operating in multiple states. Any business with an international footprint is likely subject to international regulatory regimes not accounted for in the NIST standards.
For counsel on any steps recommended by NIST or other Privacy and Data Security compliance needs and best practices, please do not hesitate to reach out to the Privacy and Data Security team here at Ward and Smith.
-- 2021 Ward and Smith, P.A. For further information regarding the issues described above, please contact Peter N. McClelland, CIPP/US.
This article is not intended to give, and should not be relied upon for, legal advice in any particular circumstance or fact situation. No action should be taken in reliance upon the information contained in this article without obtaining the advice of an attorney.
We are your established legal network with offices in Asheville, Greenville, New Bern, Raleigh, and Wilmington, NC.
Read this article:
- Techlash continues to batter technology sector - Brookings Institution - April 2nd, 2021
- CodeCrew students honored for their work in the technology field - WREG NewsChannel 3 - April 2nd, 2021
- Technology And The Future Of Work In Finance: A Q&A With Paychexs CFO - Forbes - April 2nd, 2021
- Options Technology Announces Acquisition of Fixnetix from DXC Technology - Business Wire - April 2nd, 2021
- Wireless Gigabit Market with COVID-19 impact by Product, Technology, Protocol, End-use and Geography - Global Forecast to 2026 - PRNewswire - April 2nd, 2021
- Europe's chance to lead the green technology race - Financial Times - April 2nd, 2021
- We need to strengthen and accelerate US science and technology progress | TheHill - The Hill - April 2nd, 2021
- Beauty filters are changing the way young girls see themselves - MIT Technology Review - April 2nd, 2021
- Silicon Valley startup invents 'groundbreaking' new technology that could change the way we travel - Greater Greater Washington - April 2nd, 2021
- COVID-19 Has Forced an Evolution of Campus Safety Technology - Campus Safety - Campus Safety Magazine - April 2nd, 2021
- Revolutionary Technology Upgrades to the School of Music - The UCLA Herb Alpert School of Music - UCLA Herb Alpert School of Music - April 2nd, 2021
- TerraLithium Receives Affirmation of Patents for Foundational Lithium Production Processes and Technologies - PRNewswire - April 2nd, 2021
- Align Technology to Announce First Quarter 2021 Results on April 28, 2021 - Yahoo Finance - April 2nd, 2021
- Stocks making the biggest moves in the premarket: J&J, Emergent BioSolutions, Micron Technology & more - CNBC - April 2nd, 2021
- ST Equipment & Technology Teams with Salt River Materials Group on Fly Ash Recycling System - PRNewswire - April 2nd, 2021
- Honeywell To Provide Critical Navigation And Sensor Technology For Pipistrel's Unmanned Cargo Aircraft - PRNewswire - April 2nd, 2021
- Vellore Institute of Technology team electrifies houses in rural Karnataka - The Hindu - April 2nd, 2021
- Aerospace Robotics Market Research Report by Type, by Technology, by Operation - Global Forecast to 2025 - Cumulative Impact of COVID-19 - Yahoo... - April 2nd, 2021
- NASA invests in small business projects to advance technology - Northeast Mississippi Daily Journal - April 2nd, 2021
- Why 3 Analysts Think Micron Technology Stock Is An Attractive Choice - Yahoo Finance - April 2nd, 2021
- How Unity Is Helping Creators Around The World Use Technology To Imagine A Better Future - Forbes - March 31st, 2021
- Wall Street dips, with technology the biggest drag - Reuters - March 31st, 2021
- Technology helps family stay connected to 93-year-old grandfather - NEWS10 ABC - March 31st, 2021
- 'Big Storage' Is the Next Big Technology in the Climate Fight - Bloomberg - March 31st, 2021
- Worldwide Facial Skin Ablative Treatment Industry - by Technology, Application and Demography - ResearchAndMarkets.com - Business Wire - March 31st, 2021
- The science and technology that can help save the ocean - MIT Technology Review - March 31st, 2021
- DJO Invests in Next-Generation Augmented Reality Technology Primed for ASC Market Growth - Business Wire - March 31st, 2021
- InMobi Dominates MMA SMARTIES MENA 2020 with 15 Awards Including Technology Enabler of the Year and Best in Show - Business Wire - March 31st, 2021
- Healthcare Technology Innovator SSG Rolls Out Digital Platforms to Accelerate the Fight Against COVID-19 - Business Wire - March 31st, 2021
- Juniper Research Named as Top Three Most Influential Analyst House Globally by Telco Technology Buyers - Business Wire - March 31st, 2021
- A Technology Partner Can Help Midsize Businesses Accelerate Digital Transformation - SPONSOR CONTENT FROM DELL TECHNOLOGIES AND INTEL - Harvard... - March 31st, 2021
- Global Automotive Antifreeze Market (2020 to 2027) - by Fluid Type, Technology, Application and Distribution Channel - ResearchAndMarkets.com -... - March 31st, 2021
- Investment Opportunities of Big Data Technology in China - Growth, Trends, COVID-19 Impact, and Forecasts 2021-2026 - ResearchAndMarkets.com -... - March 31st, 2021
- ST Equipment & Technology Teams with Salt River Materials Group on Fly Ash Recycling System - Yahoo Finance - March 31st, 2021
- 5 Emerging IoT Technologies You Need To Know In 2021 - CRN - March 31st, 2021
- Successive Technologies and Strapi Announces Strategic Partnership - PR Newswire India - March 31st, 2021
- Spotify Technology S.A. to Announce Financial Results for First Quarter 2021 - Business Wire - March 31st, 2021
- Technology, agriculture's friend for the sustainable farms of the future - Euronews - March 31st, 2021
- House panel offers its plan to double NSF budget and create technology directorate - Science Magazine - March 31st, 2021
- Building customer relationships with conversational AI - MIT Technology Review - March 31st, 2021
- TPConnects, the Technology Provider, Announces That Eastern Airlines is Investing in New Distribution Capabilities With IATA's NDC Level 4... - March 31st, 2021
- MetroWest towns and cities working together to offer clean energy technology - MetroWest Daily News - March 31st, 2021
- Vietnam's CamLy Group Founder introduces innovative technology to the global market, adding to her inspirational businesses ventures - Yahoo Finance - March 31st, 2021
- Outlook on the Cell Therapy Global Market to 2027 - by Therapy Type, Product, Technology, Application, End-user and Geography - GlobeNewswire - March 31st, 2021
- Worldwide Aircraft Maintenance Tooling Industry to 2027 - Featuring Farwest Aircraft, Inspection Technologies and Red Box Aviation Among Others -... - March 31st, 2021
- Black graduates 'shut out' of academic science and technology careers - The Guardian - March 29th, 2021
- Global Cloud-based Data Lake Market Technology Progress, Business Opportunities and Analysis 2021 to 2027 | Top Companies Analysis- Amazon Web... - March 29th, 2021
- Governor Lamont Announces Launch of Information Technology Optimization Process Within State Government - CT.gov - March 18th, 2021
- Retalon Announces Breakthrough Application of Deep Learning Technology in Business Specific Predictive Analytics - PRNewswire - March 18th, 2021
- MIT Technology Review Announces EmTech Next 2021 Virtual Conference, June 8-10, hosted in partnership with Harvard Business Review - PRNewswire - March 18th, 2021
- DOD Working With Norway to Develop High-Speed Propulsion Technologies - Department of Defense - March 18th, 2021
- Is Amkor Technology (AMKR) Outperforming Other Computer and Technology Stocks This Year? - Yahoo Finance - March 18th, 2021
- Citizens of the Week: Teens Teach Technology - The Philadelphia Citizen - March 18th, 2021
- Seniors receiving free virtual coaching on learning how to use technology - 13newsnow.com WVEC - March 18th, 2021
- FinFet Technology Market is Anticipated to Touch USD 268.66 Million by 2025 Growing at 40.3% CAGR | Market Research Future (MRFR) - Yahoo Finance - March 18th, 2021
- This BYU facial recognition technology is designed with hackers and accessibility in mind - KSL.com - March 18th, 2021
- Technology IPOs A Meeting of Cultures at the Tel Aviv Stock Exchange - JD Supra - March 18th, 2021
- Transplace Expands Logistics Technology Platform to Europe with its Newest Technology Release and the Opening of an Office in the Netherlands -... - March 18th, 2021
- Quanterix' Simoa Technology Accelerates Critical Plasma Biomarker Research Presented at the 15th International Conference on Parkinson's &... - March 18th, 2021
- Outsourcing Marketing Technology Support To Boost Efficiency and Profits - Part 2 - JD Supra - March 18th, 2021
- Leveraging AI/NLP technology to reduce health inequities and improve patient outcomes - MedCity News - March 18th, 2021
- Bob Bain Productions and Berlin Entertainment Choose TVU Networks' Technology for Seamless, Virtual Production of the 26th Annual Critics Choice... - March 18th, 2021
- First American Data & Analytics Named One of the Most Innovative Technology Companies in Both Mortgage and Real Estate by HousingWire Magazine -... - March 18th, 2021
- Hearing aid makers tackle the technology's 'number one problem' with AI - STAT - March 18th, 2021
- Interstellar disc that blasted by Earth was not alien technology. Heres what it was. - Mahoning Matters - March 18th, 2021
- Dicapta Corporation Accessibility Technology Makes It Possible For DeafBlind Individuals To Watch An Oscar-Nominated Film About Themselves For The... - March 18th, 2021
- Centerville police to crack down on speeding with help from new technology - WHIO Radio - March 18th, 2021
- How Mason City Schools Is Using Technology To Monitor Students' Mental Health - WVXU - March 18th, 2021
- Texas Medical Technology Launches Its Smart iNitrile Device for Putting on Sterile Gloves Easily, Safely, and Automatically - Business Wire - March 18th, 2021
- Insights on the Environmental Remediation Technologies Global Markets to 2025 - by Technology and Industry Application - Yahoo Finance UK - March 18th, 2021
- How HCCC's upgrades will help ensure health of everyone on campus - The Times Telegram - March 18th, 2021
- DataTrace Named One of the Most Innovative Technology Companies in Real Estate by HousingWire Magazine - Business Wire - March 18th, 2021
- SoftServe Wins Best Technology Response at the GSA Professional Awards 2020 - Business Wire - March 18th, 2021
- Nokia Technology To Be Integrated Across AWS, Google And Microsoft Platforms - Yahoo Tech - March 18th, 2021
- Securus Technologies Provides 40 Million Free Phone Calls to Incarcerated Americans Through First Year of COVID-19 Assistance - PRNewswire - March 18th, 2021
- Global Automatic Optical Inspection Market- GPEL Electronic GmbH, Koh Young Technology Inc., Mek Europe BV, Among Others to Contribute to the Market... - March 18th, 2021
- LOral technology incubators Guive Balooch on marrying beauty and tech - Glossy - March 11th, 2021
- Clevertouch by Boxlight Helps to Refresh Technology for The British Academy - Yahoo Finance - March 11th, 2021
- How technology helped Houston fight against the pandemic - InnovationMap - March 11th, 2021
- Global Indoor Farming Technology Markets, 2020-2021 & 2026 - Opportunities in the Development of Innovative and Cost-Effective Technologies &... - March 11th, 2021