Data Responsibility

IBM’s Unwavering Commitment to Protecting Client Data

Share this post:

By Christopher A. Padilla, Vice President, IBM Government and Regulatory Affairs

In 2014, IBM was among the first American technology companies to state publicly that we were not involved in bulk data collection programs implemented by the U.S. government. That same communication to our global client base spelled out clearly the steps IBM would take to challenge U.S. government requests for access to client data, stored in other countries, that did not respect international legal agreements.

More recently, as part of our global commitment to the responsible stewardship of data, we reiterated our position addressing requests for data access made by any government.

Passage of new legislation in the United States has prompted fresh questions about the ability of law enforcement agencies to access data stored abroad. The Clarifying Lawful Overseas Use of Data – or CLOUD – Act does not provide a “backdoor” to client data stored outside the United States. It sets up a new mechanism by which governments may agree to provide lawful access to data stored under their jurisdiction to another government, under pre-agreed legal conditions and safeguards such as judicial warrants.

IBM has earned the trust of our clients over more than a century of doing business. We take seriously our obligation to preserve that trust, and this legislation in no way alters IBM’s stance on government access to client data. We have reiterated our clear, longstanding position in the following statement:

“IBM has well-established policies and practices, summarized in Data Responsibility@IBM and initially put forward in 2014, which make very clear that IBM will not provide access to client data stored outside the lawful jurisdiction of any government requesting such data, unless the request is made through internationally recognized legal channels such as mutual legal assistance treaties (MLATs).”

“The CLOUD Act establishes an additional legal channel by which governments could agree bilaterally on procedures and safeguards to handle lawful requests for data stored under each other’s legal jurisdiction.”

“In the absence of such a bilateral agreement or other internationally recognized legal channels such as an existing MLAT, IBM will take appropriate steps to challenge requests for data stored outside a government’s legal jurisdiction through judicial action or other means.”


Media Contact:
Adam R. Pratt
Ph: (202) 551-9625

More Data Responsibility stories

Data Stewardship and the Importance of Export Compliance in the IBM Cloud

This spring IBM published our Principles for Trust and Transparency, which outline how we protect our clients’ data and insights and how we usher new innovative technologies into the world responsibly. These principles are more than just words — they are a model for how IBM treats our customers’ data, everyday, everywhere.

Continue reading

IBM’s Response to EU Agreement on Legislation Regarding the Free Flow of Data

We understand the European Parliament, European Commission and EU Member States have reached an agreement on legislation that will enable the free flow of data across the European Union. Free flow of data is vital for European innovation, for the growth of businesses of all sizes and for achieving a Digital Single Market.

Continue reading

IBM’s Principles for Trust and Transparency

For more than a century, IBM has earned the trust of our clients by responsibly managing their most valuable data, and we have worked to earn the trust of society by ushering powerful new technologies into the world responsibly and with clear purpose. IBM has for decades followed core principles – grounded in commitments to […]

Continue reading