Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Help Celebrate Data Privacy Week & NIST Privacy Framework’s 2nd Birthday!

Global Communication Digital Device Information Concept
Credit: Shutterstock/Rawpixel.com

Today’s blog celebrates Data Privacy Week, an international awareness initiative led by the National Cyber Security Alliance to help spread awareness about online privacy. NIST is very proud to participate again this year in this initiative that was successfully expanded from a single day event to a weeklong effort.

At NIST, our NIST Privacy Engineering Program plays an integral role in establishing trustworthiness in information system technologies. This blog aims to highlight NIST’s accomplishments in the privacy field, as well as celebrate the two-year anniversary of the NIST Privacy Framework! We interviewed Naomi Lefkovitz, Senior Privacy Policy Advisor in NIST’s Information Technology Lab. Here is what we asked—and what she had to say:

Can you please explain what the NIST Privacy Framework is and talk a bit about how it’s used?

The NIST Privacy Framework is a voluntary tool that can help organizations better manage privacy risks and increase trust in their products and services. It’s designed to help organizations prioritize and communicate the outcomes and activities necessary for achieving their privacy objectives. In the past two years, we’ve seen a range of organizations using it from multinational companies using it to organize foundational privacy programs that they can then tailor to meet their compliance obligations in different jurisdictions to small local government privacy programs using it to build their programs and increase privacy benefits for residents in key areas such as health services, law enforcement, and smart cities initiatives. We’re thrilled that the framework provides so much value to so many different types of organizations.

You are celebrating the two-year anniversary of the Privacy Framework this year – can you tell us some of the major highlights of the past two years? 

Definitely one of the highlights was learning from a report put out by the International Association of Privacy Professionals and FairWarning that less than a year after the framework’s release more than a quarter of the survey respondents were already using it. That told us there was a real demand for this kind of tool. As a public servant, there’s nothing more satisfying than knowing you’re meeting a need. We’re also proud of the number of resources that we’ve been able to make available to support implementation of the framework. Our Learning Center houses a quick start guide for small and medium businesses, educational videos for every level of interest, and access to our repository of community contributions of mappings of the framework to key laws and regulations among other resources. We’re also happy to announce a new resource category - Success Stories - with our first from Arlington County, Virginia. We welcome more contributions from stakeholders willing to share their successes and lessons learned with the rest of the community! Learn about additional highlights in our two-year anniversary infographic.

Why is Data Privacy Week important to you and your program at NIST?

Data Privacy Week puts the spotlight on the importance of privacy in enabling trust in the technologies that are most impactful on our society.  Privacy is essential for safeguarding equity and the civil rights and liberties - key components of this Administration’s platform for upholding our democratic values. We’ve been delighted to use this week to showcase some of the exciting work we’re doing at NIST to support these efforts such as our blog series on how to implement differential privacy and our integration of privacy into our cybersecurity guidance in topical areas such as crossover use of personal mobile devices for work purposes. 

What direction do you think is needed for privacy to meet the technology challenges of today and for the future?

While we continue to need policy that is targeted at current societal challenges and encourages effective privacy solutions, as a field, we need to mature the developing discipline of privacy engineering to produce those effective privacy solutions. For example, we don’t even yet have a consistent understanding of the role of a privacy engineer. We also need to increase our capabilities to move from research on privacy-enhancing technologies to widescale adoption and standardization. Only then will we be able to realize the full promise of these technologies to help us attain the benefits of our data-driven society while minimizing privacy risks.

What are some new things that NIST working on that you’re excited about?

We’ve got lots going on this year! To address those privacy workforce challenges the 600+ members of our Privacy Workforce Public Working Group will be continuing to create descriptions of tasks, knowledge, and skills aligned with the Privacy Framework. We’re also part of a US-UK partnership to hold bilateral prize challenges to advance privacy-enhancing technologies. And now that we’ve completed our differential privacy blog series, we’ll be using it as a foundation to develop more in-depth guidelines. Look for a first draft sometime this summer! These are just a few of the areas we’ll be working on, but we always welcome feedback on stakeholder priorities at PrivacyEng [at] nist.gov (PrivacyEng[at]nist[dot]gov) or privacyframework [at] nist.gov (privacyframework[at]nist[dot]gov).

About the author

Naomi Lefkovitz

Naomi Lefkovitz is the Senior Privacy Policy Advisor in the Information Technology Lab at the National Institute of Standards and Technology, U.S. Department of Commerce. Her portfolio includes work on the National Strategy for Trusted Identities in Cyberspace (NSTIC), privacy engineering, privacy-enhancing technologies, cybersecurity and standards development.

FierceGovernmentIT named Ms. Lefkovitz on their 2013 “Fierce15” list of the most forward-thinking people working within government information technology, and she is a 2014 Federal 100 Awards winner.

Before joining NIST, she was the Director for Privacy and Civil Liberties in the Cybersecurity Directorate of the National Security Staff in the Executive Office of the President. Her portfolio included the NSTIC as well as addressing the privacy and civil liberties impact of the Obama Administration’s cybersecurity initiatives and programs.

Prior to her tenure at the White House, Ms. Lefkovitz was a senior attorney with the Division of Privacy and Identity Protection at the Federal Trade Commission. Her responsibilities focused primarily on policy matters, including legislation, rulemakings, and business and consumer education in the areas of identity theft, data security and privacy.

At the outset of her career, she was Assistant General Counsel at CDnow, Inc., an early online music retailer.

Ms. Lefkovitz holds a B.A. with honors in French Literature from Bryn Mawr College and a J.D. with honors from Temple University School of Law.

Comments

Add new comment

CAPTCHA
Image CAPTCHA
Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.