Sec. 601. National Institute of Standards and Technology privacy research and development
386 words·~2 min read·
/bill/118/hr/2701/ih/section-601A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Section 2 of the National Institute of Standards and Technology Act ( 15 U.S.C. 272 ) is amended by adding at the end the following: In carrying out the activities under subsection (c)(19), the Director shall, to the extent practicable and appropriate— develop, and periodically update, in collaboration with appropriate Federal agencies, industry, State, local, and Tribal governments, civil society, other nonprofit organizations, and the Information Security and Privacy Advisory Board, a privacy risk management framework that covers risks associated with data processing and that shall— identify voluntary, consensus-based technical standards, guidelines, best practices, methodologies, procedures, and processes for— developing privacy-enhanced information systems and networks, including emerging technologies; and assessing and mitigating privacy risks to help organizations protect individuals’ privacy in information systems and networks; establish common definitions and characterizations for aspects of privacy risk management; provide case studies and risk profiles of framework implementation; provide guidance to enable organizations to use the framework to meet privacy requirements from Federal, State, local, and Tribal governments and international policymakers; incorporate voluntary, consensus-based technical standards and best practices; facilitate use by regulators and markets with the aim of reducing barriers to trade; and not prescribe or otherwise require the use of specific information or communications technology products or services; carry out research associated with mitigating privacy risks associated with information systems and networks, including to inform periodic updates to the privacy risk management framework developed pursuant to paragraph (1); in consultation with the Director of the Digital Privacy Agency, the Federal Trade Commission, and other related sector-specific risk management agencies, support the development of guidance and risk profiles to help organizations utilize the privacy risk management framework developed pursuant to paragraph (1), to the extent practicable, to adopt privacy requirements and regulations established by the Federal Government, States, and international policymakers; support activities to improve the efficacy and applicability of privacy-preserving computing, de-identification techniques and processes, and other technological means of mitigating individuals’ privacy risks by enhancing predictability, manageability, disassociability, and confidentiality; support and strategically engage in the development of voluntary, consensus-based technical standards for privacy-enhanced systems and networks, including international technical standards, through open, transparent, and consensus-based processes; and conduct such other activities as determined necessary by the Director to help public and private sector organizations mitigate the privacy risks associated with information systems and networks. .
Connectionstraces to 1
Traces to 1 document
Citation graph
cites case law
Sec. 601
National Institute of Standards and Technology privacy research and development
Cites 1Cited by 0 across 0 sources