May 14, 2021

Volume XI, Number 134

Advertisement

May 13, 2021

Subscribe to Latest Legal News and Analysis

May 12, 2021

Subscribe to Latest Legal News and Analysis

May 11, 2021

Subscribe to Latest Legal News and Analysis

All About Privacy Frameworks

What is a privacy framework?

A privacy framework describes a set of standards or concepts around which a company bases its privacy program. Typically, a privacy framework does not attempt to include all privacy-related requirements imposed by law or account for the privacy requirements of any particular legal system or regime.  Instead, the framework attempts to establish a privacy program that is separate and apart from the legal requirements of one, or more, specific jurisdictions.

What is the most popular privacy framework?

There are few published statistics regarding the adoption rate of privacy frameworks. The statistics that do exist have questionable reliability, primarily owing to sampling bias and self-reporting bias. For example, studies that ask clients of an organization that creates a privacy framework whether they adopted the privacy framework are likely to overreport adoption rates, as are studies that poll members of privacy organizations who may be predisposed to work at organizations that are more likely to have adopted a privacy framework. That said, a study published by the International Association of Privacy Professionals (IAPP) of a small number of its members reported that 28% of companies had adopted the NIST privacy framework. A slightly smaller number of companies reported adopting the ISO 27701 privacy framework.1

How many privacy frameworks are out there?

There are numerous privacy frameworks. Some are established by independent organizations such as the International Organization for Standardization (ISO), which established the ISO 29100 privacy framework. Others are established by standard-setting bodies related to specific countries or governments. For example, the United States National Institute of Standards and Technology (NIST) established a NIST Privacy Framework. Other privacy frameworks are created by private companies, trade associations, or organizations.

IAPP-FTI Consulting Annual Privacy Governance Report 2020 at 67.

Advertisement
©2021 Greenberg Traurig, LLP. All rights reserved. National Law Review, Volume XI, Number 106
Advertisement
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

David A. Zetoony Privacy Attorney Greenberg Traurig
Shareholder

David Zetoony, Co-Chair of the firm's U.S. Data, Privacy and Cybersecurity Practice, focuses on helping businesses navigate data privacy and cyber security laws from a practical standpoint. David has helped hundreds of companies establish and maintain ongoing privacy and security programs, and he has defended corporate privacy and security practices in investigations initiated by the Federal Trade Commission, and other data privacy and security regulatory agencies around the world, as well as in class action litigation. 

David receives regular recognitions from clients and peers for...

303.685.7425
Advertisement
Advertisement