The NIST privacy framework refers to the term “core” to describe a set of privacy activities and outcomes. The core is composed of three nested levels: Function, Category, and Subcategory. So, for example, the concept that a data subject should have the right to access their personal information is found within NIST under the Core Function of Control, which describes those activities that are intended to help develop and implement appropriate activities to enable organizations or individuals to manage data with sufficient granularity to manage privacy risks, the Core Category of Data Processing Management, and the Subcategory of “Data elements can be accessed for review.”