Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.



Show leadership in privacy by adopting the Privacy Framework to support:

  • Building customers’ trust by supporting ethical decision-making in product and service design or deployment that optimizes beneficial uses of data while minimizing adverse consequences for individuals’ privacy and society as a whole;
  • Fulfilling current compliance obligations, as well as future-proofing products and services to meet these obligations in a changing technological and policy environment; and
  • Facilitating communication about privacy practices with individuals, business partners, assessors, and regulators.

The Framework can help you answer the fundamental question, “How are we considering the privacy impacts to individuals as we develop our systems, products, and services?” To account for the unique needs of your organization, use of the Framework is flexible, although it is designed to complement existing business and system development operations. For example, if you already have robust privacy risk management processes, you might use the Core’s five Functions as a streamlined way to analyze and articulate any gaps. Alternatively, if your organization is seeking to establish a privacy program, you can use the Core’s Categories and Subcategories as a reference. For a more in depth look at some of the ways you can use it, see Section 3 of the Framework.


Hypothetical Use Cases

NIST has developed these hypothetical use cases to improve understanding of how to develop Profiles to increase collaboration and dialogue across organizations and support risk-based decisions. If you’d like to share a real implementation success story, contact us.

See Hypothetical Use Cases

Resource Repository

The Privacy Framework Resource Repository contains resources to support organizations’ use of the Privacy Framework. Resources include crosswalks, common Profiles, guidance, and tools. NIST encourages new contributions and feedback on these resources as part of the ongoing collaborative effort to improve implementation of the Privacy Framework.

Visit the Repository

So you’ve adopted the Framework: what’s next?

  • Show your support. To share a supportive quote that NIST can publish, contact us.
  • Help the community. Contribute crosswalks, common Profiles, and guidance and tools supporting Framework implementation to the Resource Repository.
  • Share feedback to inform future versions. To provide implementation feedback or share an implementation success story, contact us.


“Global privacy landscape is becoming even more complex today. To meet the expectation to privacy from 200 million users around the world, LINE has always been committed to and seeking an opportunity to improve our privacy program.  LINE decided to become an early adopter of NIST Privacy Framework because it provides a flexible and comprehensive roadmap for visualizing and improving our privacy program. We sincerely applaud the effort of NIST for developing this Framework.  We expect that the Framework will be widely accepted as its sibling Cybersecurity Framework is, as we see it a prominent instrument for protecting the integrity of this data-driven economy.” 
- Takesh Nakayama, Chief Privacy Officer and Chief Information Security Officer, LINE
January 16, 2020

“We’re excited to see this effort make the progress it has made in since it began over a year ago – the NIST Privacy Framework is an important step forward in helping organizations of all types understand what is actually necessary to control when an organization has plans to use any sensitive information in their business. At athenahealth and in healthcare broadly, privacy is at the core of the profession. To now have a serious endeavor to defining what that means in a way that harmonizes the various approaches industry has tried to implement to protect data into a single set, developed by many voices, has the potential to be transformative.” 
Taylor Lehmann, VP, Chief Information Security Officer, AthenaHealth
January 16, 2020

“Data Privacy is an important issue that impacts every person with a digital footprint. Careless and inappropriate use of personal information destroys the trust that is necessary for activities we all participate in every day. With the proper frameworks in use, individuals and organizations will have greater confidence in how they engage in certain transactions (healthcare, banking, and technology, to name a few). This, in turn, will continue to support a growing and stable economy. FairWarning supports the use of best practices and applauds NIST in the release of its well-crafted Privacy Framework. We look forward to continuing our collaboration and striving to create a culture of privacy in our customers' organizations and beyond.”
- Ed Holmes, CEO, FairWarning 
January 16, 2020

"The NIST Privacy Framework is an invaluable tool in creating clear and accessible communication across a variety of business groups; facilitating a broader awareness of complex privacy risks and the strong intersection of privacy risk and organizational risk.  The intentional design of the NIST Privacy Framework provides a mechanism to connect conceptual privacy principles and specific technical requirements, fueling dynamic discussions and creative solutions as a result of stronger collaboration across business groups."
- Lauren Ulvestad, Principal Data Protection & Privacy Product Engineer, Cardiac Rhythm & Heart Failure (CRHF), Medtronic
January 24, 2020

Interested in learning more?

Check out our frequently asked questions about using the NIST Privacy Framework for more information.

See Framework Use FAQs

Created January 8, 2020, Updated April 8, 2020