Small business advisers: NIST privacy framework should include list of 'have-to-dos'

The privacy risk management framework being developed by the National Institute of Standards and Technology is too complicated for small and medium sized businesses to implement and should come with an easier-to-use supplemental guide, consultants for those entities told NIST officials in critiquing a discussion draft of the document.

“It may not be overwhelming to us, but it's overwhelming to the customers,” the participants at NIST's recent Atlanta workshop on the framework told facilitators, referring to the document, which looks...