Sec. 601. National Institute of Standards and Technology privacy research and development
401 words·~2 min read·
/bill/119/hr/8014/ih/section-601A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Section 2 of the National Institute of Standards and Technology Act ( 15 U.S.C. 272 ) is amended by adding at the end the following: In carrying out the activities under subsection (c)(19), the Director, in consultation and collaboration with the Director of the Digital Privacy Agency, shall, to the extent practicable and appropriate carry out the following: Develop, and periodically update, in collaboration with appropriate Federal agencies, industry, State, local, and Tribal governments, civil society, other nonprofit organizations, and the Information Security and Privacy Advisory Board, a privacy risk management framework that covers risks associated with data processing and that— identifies voluntary, consensus-based technical standards, guidelines, best practices, methodologies, procedures, and processes for— developing privacy-enhanced information systems and networks, including emerging technologies; and assessing and mitigating privacy risks to help organizations protect individuals’ privacy in information systems and networks; establishes common definitions and characterizations for aspects of privacy risk management; provides case studies and risk profiles of framework implementation; provides guidance to enable organizations to use the framework to meet privacy requirements from Federal, State, local, and Tribal governments and international policymakers; incorporates voluntary, consensus-based technical standards and best practices; facilitates use by regulators and markets with the aim of reducing barriers to trade; and does not prescribe or otherwise require the use of specific information or communications technology products or services.
Carry out research associated with mitigating privacy risks associated with information systems and networks, including to inform periodic updates to the privacy risk management framework developed pursuant to paragraph (1). In consultation with the Director of the Digital Privacy Agency, the Federal Trade Commission, and other related sector-specific risk management agencies, support the development of guidance and risk profiles to help organizations utilize the privacy risk management framework developed pursuant to paragraph (1), to the extent practicable, to adopt privacy requirements and regulations established by the Federal Government, States, and international policymakers.
Support activities to improve the efficacy and applicability of privacy-preserving computing, de-identification techniques and processes, and other technological means of mitigating individuals’ privacy risks by enhancing predictability, manageability, disassociability, and confidentiality. Support and strategically engage in the development of voluntary, consensus-based technical standards for privacy-enhanced systems and networks, including international technical standards, through open, transparent, and consensus-based processes.
Conduct such other activities as determined necessary by the Director to help public and private sector organizations mitigate the privacy risks associated with information systems and networks. .
Connectionstraces to 1
Traces to 1 document
Citation graph
cites case law
Sec. 601
National Institute of Standards and Technology privacy research and development
Cites 1Cited by 0 across 0 sources