Secure Controls Framework

Data Privacy Management Principles

A comprehensive, unified set of privacy management principles mapped to over 30 leading privacy frameworks — providing a common language for cybersecurity and data privacy programs worldwide.

31 Mapped Frameworks
86 Privacy Principles
11 Organized Domains

Overview

What Are the DPMP?

In support of the Cybersecurity & Data Privacy by Design (C|P) initiative, a volunteer effort created the SCF Data Privacy Management Principles (DPMP). When combined with the broader C|P initiative, these privacy management principles form an excellent foundation for building and maintaining secure systems, applications, and services that address cybersecurity and privacy considerations by default and by design.

Many cybersecurity and even privacy professionals struggle to identify what best practice looks like when selecting a set of privacy principles for an organization to align to. The DPMP was created by reviewing over a dozen of the most common privacy frameworks and establishing a unified set of simplified, yet comprehensive, privacy management principles.

Mapped to the SCF

Every principle is directly mapped to SCF controls, so organizations can leverage a single framework for both cybersecurity and privacy compliance.

Common Language

Eliminates the “apples to oranges” comparison between disparate privacy frameworks by providing a unified set of principles that simplify multi-requirement compliance.

Included in the SCF Download

The DPMP is available as a tab within the SCF download — all principles are mapped to the SCF for both cybersecurity and privacy needs.

Key Benefits

Why Use the DPMP?

Direct SCF Control Mapping

Every privacy principle is mapped directly to SCF controls, enabling organizations to leverage a single framework for both cybersecurity and data privacy compliance programs.

Common Language Across 31 Frameworks

Eliminates the “apples to oranges” comparison between disparate privacy frameworks by creating a unified, simplified set of privacy management principles.

Privacy by Design Foundation

Combined with the Cybersecurity & Data Privacy by Design (C|P) initiative, the DPMP provides a strong foundation for building systems that address privacy by default.

Framework Origin Tracking

Each principle shows its direct mapping to the leading privacy frameworks, so you can trace the origin and understand the regulatory basis of every included principle.

Framework Coverage

31 Mapped Privacy Frameworks

The DPMP effort identified the leading privacy frameworks globally and created a unified set of simplified, yet comprehensive, privacy management principles mapped to each.

1 · AICPA TSC 2017:2022 (SOC 2)
2 · APEC Privacy Framework 2015
3 · GAPP — Generally Accepted Privacy Principles
4 · ISO 27701:2025
5 · ISO 29100:2024
6 · NIST Privacy Framework 1.0
7 · NIST 800-53 R5
8 · NIST CSF 2.0
9 · OECD Privacy Principles
10 · US Federal — Data Privacy Framework (DPF)
11 · US Federal — FIPPs
12 · US Federal — HIPAA Admin. Simplification 2013
13 · US State — Alaska PIPA
14 · US State — California CCPA / CPRA Jan 2026
15 · US State — Colorado Privacy Act
16 · US State — Illinois BIPA
17 · US State — Illinois IPA
18 · US State — Illinois PIPA
19 · US State — Nevada SB220
20 · US State — Oregon SB 619
21 · US State — Tennessee Info Protection Act
22 · US State — Texas BC521
23 · US State — Virginia CDPA 2025
24 · US State — Vermont Act 171 of 2018
25 · EMEA — EU GDPR
26 · EMEA — Saudi Arabia PDPL
27 · APAC — Australia Privacy Act
28 · APAC — Australian Privacy Principles
29 · APAC — India DPDPA 2023
30 · APAC — New Zealand Privacy Act 2020
31 · Americas — Canada PIPEDA

Structure

11 Privacy Principles — 75 Sub-Principles

The seventy-five sub-principles of the SCF Data Privacy Management Principles are organized into eleven principles covering the full spectrum of privacy management.

01 · Privacy by Design
02 · Data Subject Participation
03 · Limited Collection & Use
04 · Transparency
05 · Data Lifecycle Mgmt
06 · Data Subject Rights
07 · Security by Design
08 · Incident Response
09 · Risk Management
10 · Third-Party Mgmt
11 · Business Environment

Get Started

Download the SCF Today

The DPMP is included as a tab within the free SCF download. No registration required.

Licensed under Creative Commons. Volunteer-driven by the SCF Council. No registration required.