This is something that organizations can choose to use. We are a standards body, not a regulatory agency.
> developed in collaboration with stakeholders
We actually talked to people who need and use standards of this sort. We integrated their feedback.
> intended to help organizations identify and manage privacy risk
The goal is to help organizations understand the chances they are taking with private data.
> build innovative products and services while protecting individuals’ privacy
While still being able to actually make use of the data to accomplish goals that matter in some way.
----
Basically, this is completely comprehensible to most people and organizations who expect to be making use of this sort of standard. Like any technical document, it has a specialized vocabulary. It is not written for, and should not be judged by, the prose expectations of the general population.
NIST has writers. They are technical writers who are writing technical documentation intended for technical readers. We should calibrate our expectations accordingly.
I agree full stop. Would like to know background of parent poster just to understand his motivation for criticizing.
Was he writing with negative approach just because he can or he just failed to get the meaning between the lines because he is not the target audience?
At a guess, not the target audience combined with a failure to recognize it as a technical document. The latter is completely understandable. NIST uses words that can be found in daily business use, but they take on technical meanings.
I disagree. It's a overly wordy and imprecise read for the kind of person who is the target audience (which is what "technical" means here). Further, this sort of translation only works on this particular snippet because it's an introduction and statement of purpose. The policy details would not translate nearly so well or coherently.
You may as well request that IETF RFCs be rendered into lay language. You can do it, but it would likely make them much less useful as specifications.
> The NIST Privacy Framework is a voluntary tool
This is something that organizations can choose to use. We are a standards body, not a regulatory agency.
> developed in collaboration with stakeholders
We actually talked to people who need and use standards of this sort. We integrated their feedback.
> intended to help organizations identify and manage privacy risk
The goal is to help organizations understand the chances they are taking with private data.
> build innovative products and services while protecting individuals’ privacy
While still being able to actually make use of the data to accomplish goals that matter in some way.
----
Basically, this is completely comprehensible to most people and organizations who expect to be making use of this sort of standard. Like any technical document, it has a specialized vocabulary. It is not written for, and should not be judged by, the prose expectations of the general population.
NIST has writers. They are technical writers who are writing technical documentation intended for technical readers. We should calibrate our expectations accordingly.