Privacy Daily is a service of Warren Communications News.

USTelecom Opposes NIST Conflating Privacy and Cyber in New Document

The National Institute of Standards and Technology should maintain a clear distinction between privacy and cybersecurity guidelines in its public draft document for device manufacturers, USTelecom said in comments to NIST on Monday.

NIST in May released an initial public draft of its document, “Foundational Cybersecurity Activities for IoT Product Manufacturers.” The document recommends cyber practices for IoT manufacturers.

Blurring the lines between privacy and cybersecurity “may limit the practical application of the guidance, as organizations with varying privacy policies might find it difficult to align with requirements that conflate the two,” said USTelecom: Cyber guidance “should focus on technical and organizational safeguards to protect the integrity, availability, and confidentiality of systems.”

“Privacy practices, on the other hand, often depend on legal, cultural, or sector-specific requirements that vary significantly between jurisdictions and organizations,” it said. Conflating the two risks limiting entities that are “able or willing to implement the recommendations, particularly in global or multi-jurisdictional markets.”