Think Policy

IBM Comments to NIST on Privacy Framework

Share this post:

IBM’s Chief Privacy Officer Christina Montgomery submitted the following letter to Katie MacFarland of the National Institute of Standards and Technology (NIST) in support of the organization’s work to create a privacy framework.

Read the full letter below.

Subject: Developing a Privacy Framework – Docket Number 181101997–8997–01

Dear Ms. MacFarland,

IBM appreciates the opportunity to comment on the National Institute of Standards and Technology’s (NIST) Preliminary Draft of the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (“the Privacy Framework”). IBM has a long history of security and privacy leadership and responsible stewardship of new technologies based on our Trust and Transparency Principles. We strongly support the Privacy Framework and its final publication later this year.

The Privacy Framework is a valuable tool for organizations of all types and sizes to systemically improve privacy protections for individuals in the United States and beyond. Further, its risk- and outcome-based approach provides flexibility to meet diverse privacy needs while enabling technological innovations in areas such as artificial intelligence and the Internet of Things.

We believe that this Privacy Framework will inform any comprehensive national law to strengthen privacy protections in the United States. It is an important step towards making those protections a reality and should give the public greater confidence that industry now has an effective enterprise risk management tool to enhance consumer privacy in the digital age.

Notably, the Privacy Framework:

  • Builds consumer trust by driving robust organizational accountability. The Privacy Framework creates a structured approach to assessing and implementing protections for individuals’ data that drives accountability throughout the organization, from the senior management level down to the operational and engineering level.
  • Makes it easier and more desirable for organizations to implement privacy protections. The Privacy Framework uses the same structure as the successful NIST Cybersecurity Framework, and is flexibly designed to enable organizations to integrate into existing operational controls, including product and business development operations.
  • Is interoperable with global standards, which facilitates compliance and responsible data management across an organization’s enterprise, and advances privacy protected cross border data flows, which is critical for our global digital economy.
    With a view towards continuous improvement, we are attaching additional specific comments for your consideration.

IBM commends the NIST Privacy Framework team for its dedication to what was a truly collaborative framework development process, with participation by a wide variety of stakeholders and receptivity to public feedback. We look forward to the final publication of the Privacy Framework and plan to promote its adoption.


Christina Montgomery
Chief Privacy Officer, IBM

To read more about IBM’s priorities for a national consumer privacy law, click here.

More Think Policy stories

Economic Recommendations to European Governments

The COVID-19 pandemic poses a worldwide threat and stress-test to our social, economic and political life. A stress-test that showed alarming shortcomings in certain areas of the economy.    On 27 May 2020, the European Commission published their recovery plan ‘Europe’s moment: Repair and prepare for the next generation‘. However difficult, the COVID-19 pandemic provides […]

Continue reading

Five Technology Design Principles to Combat Domestic Abuse

Our tech ecosystem is teeming with innovators who constantly bring us products and devices that improve lives. In a COVID-19 world where self-isolation has become the norm, we have gained a new appreciation for technology’s ability to bring us together and enhance our wellbeing. While there is no doubt that technology has tremendous potential for […]

Continue reading

IBM Statement on the EARN IT Act

IBM today released the following statement on the EARN IT Act, sponsored by Senator Lindsey Graham and Senator Richard Blumenthal: “IBM welcomes the leadership Senators Graham and Blumenthal have shown in taking on the challenge of curbing harmful and illegal online content. Businesses should have to earn liability exemptions by taking reasonable care to stop […]

Continue reading