Stakeholders: Transparency key in determining whether privacy framework should provide safe harbor

The role of transparency is central to a debate over including in federal privacy legislation a safe harbor from regulatory enforcement and lawsuits for entities using the National Institute of Standards and Technology's emerging privacy risk management framework.

“Transparency and documentation is essential,” participants at NIST's recent workshop on the framework in Atlanta told Inside Cybersecurity.

One consultant for the healthcare industry referenced Ohio's Data Protection Act providing a safe harbor for implementation of a cybersecurity program that “reasonably conforms”...