The NIST privacy framework refers to the term “current profile” to describe the current state of a company’s privacy program in relation to a specific Subcategory. So, for example, a company might include the following description in its current profile for the following subcategory:

Subcategory Current Profile
ID.IM-P1: Systems/products/services that process data are inventoried. The

The NIST privacy framework refers to the term “core” to describe a set of privacy activities and outcomes. The core is composed of three nested levels: Function, Category, and Subcategory.  Categories are intended to be subdivisions of the Functions, and groupings of the Subcategories. In total, the NIST privacy framework contains 18 Categories.

The NIST privacy framework refers to the term “core” to describe a set of privacy activities and outcomes. The core is composed of three nested levels: Function, Category, and Subcategory. So, for example, the concept that a data subject should have the right to access their personal information is found within NIST under the Core

The ISO 29100 privacy framework sets forth the following 11 core principles:

  1. Consent and choice
  2. Purpose legitimacy and specification
  3. Collection limitation
  4. Data minimization
  5. Use, retention, and disclosure limitation
  6. Accuracy and quality
  7. Openness, transparency, and notice
  8. Individual participation and access
  9. Accountability
  10. Information security
  11. Privacy compliance

The ISO 27701 privacy framework is not explicitly organized using the

While theoretically an organization could adopt ISO 27701 as a separate standalone framework to apply to the organization’s privacy program, the framework was conceptualized as an extension of the ISO data security standards – i.e., a company would ideally be certified in both data security and data privacy. As a result, it is organized based

The International Organization for Standards, better known simply as ISO, is an international standard on how organizations should manage information security. Organizations can obtain a certification from an accredited assessor that it is compliant with ISO security standards.

In 2019, ISO developed a privacy framework that was intended to build off of the existing ISO