Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Hypothetical Use Cases


NIST has developed these hypothetical use cases to improve understanding of how to develop Profiles to increase collaboration and dialogue across organizations and support risk-based decisions. If you’d like to share a real implementation success story, privacyframework [at] (contact us). They provide examples of how an organization might develop its Profiles using the Ready, Set, Go model in Section 3.3 of the Privacy Framework. There is no set model or format for developing Profiles, so each organization may select what works best for its environment and communication style. Moreover, these hypothetical Profiles are not intended to be comprehensive or cover every Category or Subcategory that an organization may select in a given scenario; they are designed merely to provide illustrations of how the Privacy Framework Core could be used.

A Simplified Method for Establishing or Improving a Privacy Program

Ready: use the Identify-P and Govern-P Functions to get “ready.”
Set: “set” an action plan based on the differences between Current and Target Profile(s).
Go: “go” forward with implementing the action plan.

Hypothetical #1: Compliance-oriented Large Organization

Hypothetical #1 (PDF)

Hypothetical #2: Small Business without an Established Privacy Program

Hypothetical #2 (PDF)

Created January 8, 2020, Updated January 16, 2020