The Internet and associated information technologies have driven unprecedented innovation, economic value, and improvement in social services. Many of these benefits are fueled by data about individuals that flow through a complex ecosystem. As a result, individuals may not be able to understand the potential consequences for their privacy as they interact with systems, products, and services. At the same time, organizations may not realize the full extent of these consequences for individuals, for society, or for their enterprises, which can affect their brands, their bottom lines, and their future prospects for growth.
To support organizations in better protecting individuals’ privacy, and to help bring privacy risk into parity with other risks such as cybersecurity and safety that organizations manage in their risk portfolios, NIST engages with stakeholders to develop privacy guidance, tools, and international standards. NIST’s Privacy Engineering Program focuses on advancing privacy practices through the application of measurement science and system engineering principles. The NIST Privacy Framework is a voluntary tool developed in collaboration with stakeholders intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy.