NIST privacy meeting highlights legal issues raised in drafting risk-management framework

The National Institute of Standards and Technology's drafting of a privacy risk-management framework has highlighted the legal implications of the effort, marking a distinct difference from the agency's development of its landmark cybersecurity framework in 2013-2014, while responding to an emergence of regulatory requirements that some say are driving the effort this time around.

NIST kicked off its two-day meeting in Atlanta last week with a presentation from a leading lawyer who mapped out what's at stake for the regulated...