Skip to content

There are few published statistics regarding the adoption rate of privacy frameworks. The statistics that do exist have questionable reliability, primarily owing to sampling bias and self-reporting bias. For example, studies that ask clients of an organization that creates a privacy framework whether they adopted the privacy framework are likely to overreport adoption rates, as are studies that poll members of privacy organizations who may be predisposed to work at organizations that are more likely to have adopted a privacy framework. That said, a study published by the International Association of Privacy Professional (IAPP) of a small number of its members reported that 28% of companies had adopted the NIST privacy framework. A slightly smaller number of companies reported adopting the ISO 27701 privacy framework.1

1  IAPP-FTI Consulting Annual Privacy Governance Report 2020 at 67.