NIST has developed these hypothetical use cases to improve understanding of how to develop Profiles to increase collaboration and dialogue across organizations and support risk-based decisions. If you’d like to share a real implementation success story, privacyframework [at] nist.gov (contact us). They provide examples of how an organization might develop its Profiles using the Ready, Set, Go model in Section 3.3 of the Privacy Framework. There is no set model or format for developing Profiles, so each organization may select what works best for its environment and communication style. Moreover, these hypothetical Profiles are not intended to be comprehensive or cover every Category or Subcategory that an organization may select in a given scenario; they are designed merely to provide illustrations of how the Privacy Framework Core could be used.
A Simplified Method for Establishing or Improving a Privacy Program
Ready: use the Identify-P and Govern-P Functions to get “ready.”
Set: “set” an action plan based on the differences between Current and Target Profile(s).
Go: “go” forward with implementing the action plan.