As the world increasingly moves online, and immersive technologies gain wider adoption within government and business as well as in the consumer market, a framework for security and privacy for these devices is required. From headsets to other wearables and related sensors, eXtended Reality (XR) technologies are now capable of gathering untold quantities of biometric data about users, potentially everything from a user's location and skin color to their eye and hand positions at any given time. The National Institute of Standards and Technology (NIST) has offered basic guidance, while regional laws such as the General Data Protection Regulation (GDPR), the Children’s Online Privacy Protection Rule (COPPA), and the Family Educational Rights and Privacy Act (FERPA) govern some forms of data in specific locations. Despite the existing guidelines and regional laws, comprehensive protections are not in place to protect individuals and stakeholders in XR. With this in mind, the XR Safety Initiative (XRSI) developed a Privacy Framework that establishes a regulation-agnostic baseline of standards, guidelines, and best practices. It incorporates privacy requirements drawn from the GDPR, NIST guidance, FERPA, COPPA, and other evolving laws. The framework is designed to adapt and include novel requirements as new regulations come into effect. With version 1.1 expected to be published in the spring of 2021, this paper provides an overview of the framework, describes how it was developed, and highlights changes and additions in v1.1. We also discuss who can benefit from it and offer guidance to organizations, developers, and service providers on how to implement the framework so that security and privacy are designed into their product or service. This paper also provides government customers with an understanding of what a security posture beyond traditional authorities to operate (ATOs) should include as more organizations look to adopt emerging technologies such as XR.
Virtual Worlds Need REAL Governance of Privacy and Safety
Conference
I/ITSEC 2021
Track
Policy, Standards, Management, and Acquisition