U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity Insights

a NIST blog

Celebrating Data Privacy Week with NIST’s Privacy Engineering Program

By: Ellen Nadeau, Meghan Anderson, Nakia Grayson and Diane Wertime

Share

Privacy Framework
Credit: NIST

Grab your party hats – it’s Data Privacy Week!

Data Privacy Week is a global initiative led by the National Cybersecurity Alliance to spread awareness about online privacy and empower individuals and businesses to respect privacy, safeguard data, and enable trust. In celebration of this week, the NIST Privacy Engineering Program is reflecting on recent work and looking ahead to what’s coming in the new year.

Throughout 2026, we plan to continue collaborating with our privacy stakeholder community to develop and advance privacy risk management guidelines to help organizations of all sizes. Below is a sneak peek of what we have in store for this year. Keep an eye on our website for upcoming announcements about new publications, workshops, and other ways to engage with us.

Privacy Framework Version 1.1

In 2025, we released the Initial Public Draft of the Privacy Framework Version 1.1, and you showed up in a big way! We heard robust, thoughtful feedback from stakeholders across various sectors. We reviewed every comment received, along with insights we heard in working sessions, to craft the final version of the Privacy Framework 1.1 (which is coming soon in 2026!). The Privacy Framework, Version 1.1 responds to current privacy risk management needs, realigns with the NIST Cybersecurity Framework 2.0, and enhances usability.

During the Initial Public Draft’s comment period, we heard from stakeholders that there is a desire for new supplemental materials that support effective implementation of the Privacy Framework. In response, we’re excited to expand our suite of guidance this year! A few supplemental resources we anticipate developing later this year include:

  • Implementation Guidance: We’re developing examples for how an organization could implement subcategories in the Privacy Framework 1.1! While the Privacy Framework is technology- and sector-agnostic, this implementation guidance can offer tailored examples.
  • New Quick Start Guide for Small and Medium-Sized Business: Small- and medium-sized businesses asked for additional guidance on how to kick-start privacy risk management efforts with their unique environments. This Quick Start Guide will walk organizations through practical ways to implement the Privacy Framework 1.1.
  • NIST Privacy Workforce Taxonomy & Privacy Framework 1.1 Mapping: This new mapping will connect how the Privacy Workforce Taxonomy’s Task, Knowledge, and Skill Statements align with the Privacy Framework 1.1’s updated Core.
  • PF 1.1 Use Case: For additional hands-on implementation support, we’ll release a use case illustrating how a hypothetical organization could implement the Privacy Framework 1.1.

Differential Privacy Publications & Deployment Registry

In 2025, we were thrilled to release NIST 800-226, Guidelines for Evaluating Differential Privacy Guarantees. This publication is meant to help practitioners of all backgrounds better understand how to think about differentially private software solutions.

As follow-on work, we proposed a NIST-hosted database of differential privacy deployments—all contributed by community members. We published a draft describing the data schema, and the working group envisioned to maintain this repository – and were so pleased with the robust response to our open comment period. In 2026, we look forward to finalizing this repository and welcoming community contributions!

Data Governance and Management Profile

We’re continuing our work on Data Governance and Management (DGM)! Through this initiative, we plan to release a Profile, demonstrating how to use the NIST Privacy Framework and Cybersecurity Framework to address data governance and management activities for your organization.

This year we plan to release new material and host a virtual workshop to hear your feedback. Join our mailing list to receive updates about the workshop announcement in the coming months!

We hope that you will join us in the celebration this week by checking out the privacy resources available on the NIST Privacy Engineering Program and Privacy Framework websites. To receive updates on all the exciting work we have planned, join our mailing list here. Stay tuned for more to come in 2026!

Publications

About the author

Ellen Nadeau

Ellen Nadeau

Ellen is the Founder of Coralline. She works with NIST in developing privacy and security risk management guidance and tools. Previously, she led the Privacy Engineering and Data Protection team at Cruise, and was a federal employee with the NIST Privacy Engineering Program.

Meghan Anderson image

Meghan Anderson

Meghan Anderson is a privacy risk strategist with the Privacy Engineering Program at the National Institute of Standards and Technology, U.S. Department of Commerce. She supports the development of privacy engineering, international privacy standards, and privacy risk management guidance. Meghan has a Bachelor’s in Emergency Preparedness, Homeland Security, and Cybersecurity with a concentration in Cybersecurity and a minor in Economics from the University of Albany, SUNY and a Master’s in Cybersecurity from the Georgia Institute of Technology (Georgia Tech).

Image of Nakia Grayson

Nakia Grayson

Nakia Grayson is part of the Privacy Engineering Program at the National Institute of Standards and Technology (NIST). She supports the Privacy Engineering Program with development of privacy risk management best practices, guidance and communications efforts. She also leads Supply Chain Assurance project efforts at the National Cybersecurity Center of Excellence (NCCoE). Nakia serves as the Contracting Officer Representative for NIST cybersecurity contracts. She holds a Bachelor’s in Criminal Justice from University of Maryland-Eastern Shore and a Master’s in Information Technology, Information Assurance and Business Administration from the University of Maryland University College.

Diane Wertime

Diane Wertime

Diane is an IT Specialist in NIST’s Privacy Office and Assessment & Authorization Program, currently on detail in the Privacy Engineering Program in NIST’s Information Technology Laboratory. Previously, she was a nonprofit executive dedicated to leveraging people and technology for social impact, as well as a Senior Consultant at Deloitte Consulting, where she provided Strategy & Operations services to the USPS, VA, and other U.S. federal agencies on digital transformation, enterprise cybersecurity, and risk management solutions. She holds a B.A. from the University of California at Berkeley, an M.P.A. from the George Washington University, and GISF and CIPP/US certifications in cybersecurity and privacy.

Related Posts

Celebrating 1 Year of CSF 2.0

It has been one year since the release of the NIST Cybersecurity Framework (CSF) 2.0 ! To make improving your security posture even easier, in this blog we are

Comments

Add new comment

CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.
Was this page helpful?