In a release aptly labeled “A Starting Point for IoT Device Manufacturers” the National Institute of Standards and Technology (NIST), an arm of the Department of Commerce, recently added to the discussion with the publication. NIST sought to provide IoT device manufacturers a better understanding of appropriate cybersecurity features for the vast and constantly proliferating range of IoT devices. NIST’s fundamental purpose is to improve the securitibility of IoT devices and to identify, in general terms, the features that can be designed so that customers can better use them to manage cybersecurity risk profiles.
As previously reported, the National Institute of Standards and Technology (NIST) is developing a voluntary Privacy Framework in collaboration with private- and public-sector stakeholders. The goal is to help organizations better identify, assess, manage, and communicate their privacy risks. Other benefits anticipated from this project are fostering the growth of innovative approaches to protecting individual privacy and creating greater trust in products and services that may use the Framework once it is established.
The National Institute of Standards and Technology (NIST) published its request for information (RFI) covering a series of questions designed to assist in the development of a voluntary framework meant to improve the management of the privacy risk that could arise from the collection, storage and use of individuals’ information in the Federal Register on November 14, 2018.
The Department of Commerce’s National Telecommunications and Information Administration (NTIA) issued a Notice seeking comments on a proposed federal consumer data privacy approach. In a parallel effort, the Commerce Department’s National Institute of Standards and Technology is developing a voluntary privacy framework to help organizations manage risk.
The Internet Association (IA), a group of 40 major internet and technology firms, called for the establishment of a national privacy framework anchored by six privacy principles on Wednesday. In its press release announcing the principles, the IA indicated its support for the American approach to federal privacy legislation that is “consistent nationwide, proportional, flexible, and encourages companies to act as good stewards of the personal information provided to them by individuals.”
Expanded use of Electronic Health Records (EHRs) is an integral component of the ongoing modernization of the U.S. health care system through digitalization. Among the anticipated advantages of using EHRs are improvements in patient care (e.g., through faster access to relevant information and consequently improved care coordination), increased patient engagement, as well as reduction of medical errors and cost savings. On the other hand, implementing EHRs in a sustainable and legally compliant way requires upfront investment in hardware, software, training, workflow restructuring, as well as management of risks unique to electronic records, such as vulnerability to malicious interference. When EHRs are combined with mobile platforms, the cybersecurity risks multiply. Addressing this latest challenge can be daunting, both for medical practices and EHR product providers.