Data Responsibility

IBM’s Unwavering Commitment to Protecting Client Data

Share this post:

By Christopher A. Padilla, Vice President, IBM Government and Regulatory Affairs

In 2014, IBM was among the first American technology companies to state publicly that we were not involved in bulk data collection programs implemented by the U.S. government. That same communication to our global client base spelled out clearly the steps IBM would take to challenge U.S. government requests for access to client data, stored in other countries, that did not respect international legal agreements.

More recently, as part of our global commitment to the responsible stewardship of data, we reiterated our position addressing requests for data access made by any government.

Passage of new legislation in the United States has prompted fresh questions about the ability of law enforcement agencies to access data stored abroad. The Clarifying Lawful Overseas Use of Data – or CLOUD – Act does not provide a “backdoor” to client data stored outside the United States. It sets up a new mechanism by which governments may agree to provide lawful access to data stored under their jurisdiction to another government, under pre-agreed legal conditions and safeguards such as judicial warrants.

IBM has earned the trust of our clients over more than a century of doing business. We take seriously our obligation to preserve that trust, and this legislation in no way alters IBM’s stance on government access to client data. We have reiterated our clear, longstanding position in the following statement:

“IBM has well-established policies and practices, summarized in Data Responsibility@IBM and initially put forward in 2014, which make very clear that IBM will not provide access to client data stored outside the lawful jurisdiction of any government requesting such data, unless the request is made through internationally recognized legal channels such as mutual legal assistance treaties (MLATs).”

“The CLOUD Act establishes an additional legal channel by which governments could agree bilaterally on procedures and safeguards to handle lawful requests for data stored under each other’s legal jurisdiction.”

“In the absence of such a bilateral agreement or other internationally recognized legal channels such as an existing MLAT, IBM will take appropriate steps to challenge requests for data stored outside a government’s legal jurisdiction through judicial action or other means.”


Media Contact:
Adam R. Pratt
Ph: (202) 551-9625

More Data Responsibility stories

On Privacy Day, Remembering How Much Work Still Lies Ahead

International Data Privacy Day is meant to raise awareness about how personal data is being used, collected and shared in today’s digital society. That’s critically important, as we know that data privacy is increasingly top of mind for so many of us. A recent Morning Consult poll of consumers in the U.S. and E.U. commissioned […]

Continue reading