NIST Privacy Framework

With the drive to protect personal data from exposure, frameworks such as the CCPA at the state level and the GDPR at the international level have emerged in recent years. Numerous states and countries have issued similar frameworks to support consumer protection and a growing interest in privacy as a human right. While some in the US have been hesitant to adopt such standards, organizations that fall under existing compliance requirements have largely already worked to comply with the relevant standards in order to support ongoing business in privacy-regulated states or countries.

Privacy Frameworks are Here to Stay

With current trends indicating a global movement towards increased privacy regulation, and since so many of the requirements across frameworks overlap one another, the National Institute of Standards and Technology (NIST) has worked to aggregate requirements for a single framework that supports compliance across multiple standards. The voluntary set of controls, published as the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (Privacy Framework), was intended to support privacy for consumers and enterprise stakeholders alike:

    • Building customers’ trust by supporting ethical decision-making in product and service design or deployment that optimizes beneficial uses of data while minimizing adverse consequences for individuals’ privacy and society as a whole;
    • Fulfilling current compliance obligations, as well as future-proofing products and services to meet these obligations in a changing technological and policy environment; and
    • Facilitating communication about privacy practices with individuals, business partners, assessors, and regulators.

The Overlap Between Privacy and Cybersecurity

While privacy entails, to a great degree, practices and policies around how you handle personal data (however that is defined by the privacy frameworks with which you must comply), there is also an overlap with data protection. For example, it would not make sense to assure your customers that the data they share with you will not be given to any other organization, but then store it in an unsecured place where cyberattackers can access, exfiltrate, and publish that data. The NIST Privacy Framework takes into account the importance of not only creating sound policies for collecting, storing, and processing personal or consumer data, but also protecting that data. The framework has sought to incorporate the privacy requirements of existing and emerging standards, so when you choose the NIST Privacy Framework as your standard, you are likely to meet the compliance requirements of multiple other frameworks by default.