Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Happy First Birthday, NIST Privacy Framework!

birthday boy
Credit: Michelle D. Milliman/

Grab a cupcake or several—no judgment—and join us in celebrating the first birthday of the NIST Privacy Framework! Here at NIST, we feel like proud parents supporting the framework’s implementation over the past year, listening to all the amazing things stakeholders have to say, and learning from the organizations who are already using it. We have lots of “gifts” for you, our stakeholders, so read on to learn all about them!

One Year with the Privacy Framework

Like everyone, we can’t say good-bye fast enough to 2020, but there’s no doubt that the attention that the framework has been getting is a testament to the enduring importance of privacy concerns.

Privacy Framework - Top 10 Countries by Downloads

In recognition of the global use of the framework, we’re announcing our first translations in Spanish and Portuguese! We welcome additional translations of the framework to better support international adoption.

We’re always getting asked if we know how many organizations are using the framework. From the recent International Association of Privacy Professionals (IAPP) and FairWarning report, we now know that more than a quarter of survey respondents had adopted the NIST Privacy Framework less than a year after its release.

Check out our complete Privacy Framework at 1 Year infographic for more noteworthy stats and accomplishments.

New Privacy Framework Resources

Our Resource Repository continues to expand, with over 40 resources now available to support organizations’ use of the framework. We’re delighted to announce a couple major new arrivals:

  • Jeewon Serrato, a partner at BakerHostetler, has contributed a much needed crosswalk to the California Consumer Privacy Act (CCPA).
  • With the recent release of NIST Special Publication 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organizations, we’ve added a crosswalk with the Privacy Framework and the Cybersecurity Framework.

We are grateful for all of the stakeholder contributions to the community resources that serve to strengthen everyone’s privacy practices. Keep the contributions coming!

We’ve also revamped our New to the Framework webpage with a whole range of resources for different interest levels and sizes of organizations. Grab another cupcake (or some popcorn) and watch our brand new video  from our Emmy award winning video team dramatizing the discovery of the framework and starring a fabulous group of privacy experts.

The NIST Privacy Framework
The NIST Privacy Framework

We’ve heard consistently that small and medium businesses would benefit from dedicated resources aimed at simplifying the framework. To help meet this need, today we’re releasing a Privacy Framework quick start guide. Although nominally for small and medium businesses, this guide is intended to help any organization with constrained resources get a risk-based privacy program off the ground or improve an existing one.

Do you want to dig a little deeper into the framework and learn how some organizations are actually using it? Check out our new 20-minute Privacy Framework: At a Glance recording. Perfect for fitting in between meetings. If you have a bit more time, don’t forget about our Privacy Framework 101 webinar. This deep dive is loaded with information about every part of the framework.

Making Headway on the Privacy Framework Roadmap

Over the past year, we used the Privacy Framework Roadmap to prioritize our next steps. Among these efforts, we heard repeatedly about the need for a skilled and knowledgeable workforce capable of managing privacy risk, so we’re working with the community to make progress on this substantial challenge. At the September 2020 virtual workshop Help Wanted: Growing a Workforce Capable of Managing Privacy Risk,hosted by the IAPP, we obtained great feedback from highly engaged stakeholders to inform the development of a privacy workforce taxonomy aligned with the NICE Framework. In the coming months, we plan to launch a public working group to build out the taxonomy. We’ll have more information to share soon about how you can participate in this important effort.

Privacy Framework - 4th most view blog images

We also launched a blog series all about differential privacy – covering the basics, applicable use cases, and some of the open source tools available right now for implementation. The series is designed to have a little something for everyone, from business process owners, privacy program personnel, privacy engineers, to IT professionals. We plan to complete the series this year with the longer-term goal of transforming the blogs into a guideline for deploying differential privacy. We encourage you to read the posts and ask questions or provide comments to inform the guideline.

The Party Doesn’t Stop Here

Privacy Framework Blog Equifax Quote image

There’s nothing quite like the sight of a one-year-old enjoying birthday cake and making a huge mess in the process. While we hope your use of the framework isn’t quite so messy, we know that managing privacy risk can be challenging. We hope that this year, the Privacy Framework helps you achieve a more systematic approach to managing privacy risk so that you can innovate while maintaining the trust of your customers – something truly worth celebrating!

To receive periodic updates about Privacy Framework efforts, sign up for our mailing list.

About the author

Naomi Lefkovitz

Naomi Lefkovitz is the Senior Privacy Policy Advisor in the Information Technology Lab at the National Institute of Standards and Technology, U.S. Department of Commerce. Her portfolio includes work on the National Strategy for Trusted Identities in Cyberspace (NSTIC), privacy engineering, privacy-enhancing technologies, cybersecurity and standards development.

FierceGovernmentIT named Ms. Lefkovitz on their 2013 “Fierce15” list of the most forward-thinking people working within government information technology, and she is a 2014 Federal 100 Awards winner.

Before joining NIST, she was the Director for Privacy and Civil Liberties in the Cybersecurity Directorate of the National Security Staff in the Executive Office of the President. Her portfolio included the NSTIC as well as addressing the privacy and civil liberties impact of the Obama Administration’s cybersecurity initiatives and programs.

Prior to her tenure at the White House, Ms. Lefkovitz was a senior attorney with the Division of Privacy and Identity Protection at the Federal Trade Commission. Her responsibilities focused primarily on policy matters, including legislation, rulemakings, and business and consumer education in the areas of identity theft, data security and privacy.

At the outset of her career, she was Assistant General Counsel at CDnow, Inc., an early online music retailer.

Ms. Lefkovitz holds a B.A. with honors in French Literature from Bryn Mawr College and a J.D. with honors from Temple University School of Law.


Add new comment

Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.