Show leadership in privacy by adopting the Privacy Framework to support:
The Framework can help you answer the fundamental question, “How are we considering the privacy impacts to individuals as we develop our systems, products, and services?” To account for the unique needs of your organization, use of the Framework is flexible, although it is designed to complement existing business and system development operations. For example, if you already have robust privacy risk management processes, you might use the Core’s five Functions as a streamlined way to analyze and articulate any gaps. Alternatively, if your organization is seeking to establish a privacy program, you can use the Core’s Categories and Subcategories as a reference. For a more in depth look at some of the ways you can use it, see Section 3 of the Framework.
NIST has developed these hypothetical use cases to improve understanding of how to develop Profiles to increase collaboration and dialogue across organizations and support risk-based decisions. If you’d like to share a real implementation success story, privacyframework [at] nist.gov (contact us).
The Privacy Framework Resource Repository contains resources to support organizations’ use of the Privacy Framework. Resources include crosswalks, common Profiles, guidance, and tools. NIST encourages new contributions and feedback on these resources as part of the ongoing collaborative effort to improve implementation of the Privacy Framework.
“Global privacy landscape is becoming even more complex today. To meet the expectation to privacy from 200 million users around the world, LINE has always been committed to and seeking an opportunity to improve our privacy program. LINE decided to become an early adopter of NIST Privacy Framework because it provides a flexible and comprehensive roadmap for visualizing and improving our privacy program. We sincerely applaud the effort of NIST for developing this Framework. We expect that the Framework will be widely accepted as its sibling Cybersecurity Framework is, as we see it a prominent instrument for protecting the integrity of this data-driven economy.”
- Takesh Nakayama, Chief Privacy Officer and Chief Information Security Officer, LINE
January 16, 2020
“We’re excited to see this effort make the progress it has made in since it began over a year ago – the NIST Privacy Framework is an important step forward in helping organizations of all types understand what is actually necessary to control when an organization has plans to use any sensitive information in their business. At athenahealth and in healthcare broadly, privacy is at the core of the profession. To now have a serious endeavor to defining what that means in a way that harmonizes the various approaches industry has tried to implement to protect data into a single set, developed by many voices, has the potential to be transformative.”
- Taylor Lehmann, VP, Chief Information Security Officer, AthenaHealth
January 16, 2020
“Data Privacy is an important issue that impacts every person with a digital footprint. Careless and inappropriate use of personal information destroys the trust that is necessary for activities we all participate in every day. With the proper frameworks in use, individuals and organizations will have greater confidence in how they engage in certain transactions (healthcare, banking, and technology, to name a few). This, in turn, will continue to support a growing and stable economy. FairWarning supports the use of best practices and applauds NIST in the release of its well-crafted Privacy Framework. We look forward to continuing our collaboration and striving to create a culture of privacy in our customers' organizations and beyond.”
- Ed Holmes, CEO, FairWarning
January 16, 2020
"The NIST Privacy Framework is an invaluable tool in creating clear and accessible communication across a variety of business groups; facilitating a broader awareness of complex privacy risks and the strong intersection of privacy risk and organizational risk. The intentional design of the NIST Privacy Framework provides a mechanism to connect conceptual privacy principles and specific technical requirements, fueling dynamic discussions and creative solutions as a result of stronger collaboration across business groups."
- Lauren Ulvestad, Principal Data Protection & Privacy Product Engineer, Cardiac Rhythm & Heart Failure (CRHF), Medtronic
January 24, 2020
Check out our frequently asked questions about using the NIST Privacy Framework for more information.