Think Policy

IBM Comments to NIST on Privacy Framework

Share this post:

IBM’s Chief Privacy Officer Christina Montgomery submitted the following letter to Katie MacFarland of the National Institute of Standards and Technology (NIST) in support of the organization’s work to create a privacy framework.

Read the full letter below.

Subject: Developing a Privacy Framework – Docket Number 181101997–8997–01

Dear Ms. MacFarland,

IBM appreciates the opportunity to comment on the National Institute of Standards and Technology’s (NIST) Preliminary Draft of the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (“the Privacy Framework”). IBM has a long history of security and privacy leadership and responsible stewardship of new technologies based on our Trust and Transparency Principles. We strongly support the Privacy Framework and its final publication later this year.

The Privacy Framework is a valuable tool for organizations of all types and sizes to systemically improve privacy protections for individuals in the United States and beyond. Further, its risk- and outcome-based approach provides flexibility to meet diverse privacy needs while enabling technological innovations in areas such as artificial intelligence and the Internet of Things.

We believe that this Privacy Framework will inform any comprehensive national law to strengthen privacy protections in the United States. It is an important step towards making those protections a reality and should give the public greater confidence that industry now has an effective enterprise risk management tool to enhance consumer privacy in the digital age.

Notably, the Privacy Framework:

  • Builds consumer trust by driving robust organizational accountability. The Privacy Framework creates a structured approach to assessing and implementing protections for individuals’ data that drives accountability throughout the organization, from the senior management level down to the operational and engineering level.
  • Makes it easier and more desirable for organizations to implement privacy protections. The Privacy Framework uses the same structure as the successful NIST Cybersecurity Framework, and is flexibly designed to enable organizations to integrate into existing operational controls, including product and business development operations.
  • Is interoperable with global standards, which facilitates compliance and responsible data management across an organization’s enterprise, and advances privacy protected cross border data flows, which is critical for our global digital economy.
    With a view towards continuous improvement, we are attaching additional specific comments for your consideration.

IBM commends the NIST Privacy Framework team for its dedication to what was a truly collaborative framework development process, with participation by a wide variety of stakeholders and receptivity to public feedback. We look forward to the final publication of the Privacy Framework and plan to promote its adoption.


Christina Montgomery
Chief Privacy Officer, IBM

To read more about IBM’s priorities for a national consumer privacy law, click here.

More Think Policy stories

IBM Statement on Schrems Decision and Standard Contractual Clauses

“IBM welcomes the confirmation by the European Court of Justice that Standard Contractual Clauses (SCCs) are a valid mechanism for international data transfers.

Continue reading

Using Data Responsibly to Tackle a Global Emergency

IBM is a company committed to the responsible stewardship of data and technology – at all times and in all circumstances, including today’s global pandemic. Our Principles of Trust and Transparency reflect the longstanding values that have guided generations of IBMers in the development and deployment of new technologies and services to deliver innovation that […]

Continue reading

IBM CEO’s Letter to Congress on Racial Justice Reform

IBM CEO Arvind Krishna today sent the following letter to Congress outlining detailed policy proposals to advance racial equality in our nation.

Continue reading