Companies need to be transparent about data processing

The IAPP has a great article on the FTC’s comments regarding the NIST draft Privacy Framework. It’s great to see a regulator’s perspective on a framework. They recommend five changes. I think the most significant one is the clarification on how organizations collect, use, and share data. If the general public can start to understand how companies process personal data, they can make better decisions regarding using the company.

Questions the FTC recommends that companies start asking themselves that will benefit all of us:

• “Given the context of the organization’s interaction with consumers, what would be their reasonable expectations regarding the organization’s data processing practices (including collection, use, sharing, and storage)?"

• "What are the organization’s public-facing representations regarding its data processing practices and are those representations prominent and understandable?"

• "Are the organization’s actual data processing practices in alignment with individual expectations and public-facing representations?"