In 2019, the International Organization for Standards joint technical committee ISO/IEC JTC1, Information technology subcommittee SC27, developed a privacy framework that was intended to build off of the existing ISO data security standards – i.e., ISO/IEC 27001:2013 (Information security management systems) and ISO/IEC 27002:2013 (Code of practice for information security controls) – by integrating into

The NIST privacy framework refers to the term “current profile” to describe the current state of a company’s privacy program in relation to a specific Subcategory. So, for example, a company might include the following description in its current profile for the following subcategory:

Subcategory Current Profile
ID.IM-P1: Systems/products/services that process data are inventoried. The

The NIST privacy framework refers to the term “core” to describe a set of privacy activities and outcomes. The core is composed of three nested levels: Function, Category, and Subcategory.  Categories are intended to be subdivisions of the Functions, and groupings of the Subcategories. In total, the NIST privacy framework contains 18 Categories.

The NIST privacy framework refers to the term “core” to describe a set of privacy activities and outcomes. The core is composed of three nested levels: Function, Category, and Subcategory. So, for example, the concept that a data subject should have the right to access their personal information is found within NIST under the Core

In 2020, the National Institute of Standards and Technology, a part of the United States Department of Commerce, developed a privacy framework that was intended to help organizations identify and manage privacy risks. Like the ISO 29100 privacy framework that predated it, the NIST privacy framework is designed to provide common terminology to communicate privacy-related