USACM Submits Comments to NIST on Privacy Risk Management for Federal Information Systems
USACM today submitted comments to NIST on the draft report, Privacy Risk Management for Federal Information Systems (NISTIR 8062). USACM supports NIST’s efforts to define a framework to help manage growing privacy risk in the processing of personal information in federal information technology systems.
Among the comments, USACM recommends that NIST consider providing additional discussion of the interrelationship of privacy risk management with the other risks that federal agencies manage. Many privacy risks are interdependent with other types of risks, data actions, and processes. Ideally, the framework would describe how these work in tandem to address risk comprehensively.
USACM expresses appreciation for NIST’s ongoing attention to privacy issues and efforts to help federal agencies better manage their privacy risks through sound privacy policies and practices.