Think Policy

IBM Comments to NIST on Privacy Framework

Share this post:

IBM’s Chief Privacy Officer Christina Montgomery submitted the following letter supporting the National Institute of Standards and Technology’s work to create a privacy framework.

Read the full letter below.

Subject: Developing a Privacy Framework – Docket Number 181101997–8997–01

Dear Ms. MacFarland,

IBM appreciates the opportunity to comment on the National Institute of Standards and Technology’s (NIST) Preliminary Draft of the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (“the Privacy Framework”). IBM has a long history of security and privacy leadership and responsible stewardship of new technologies based on our Trust and Transparency Principles. We strongly support the Privacy Framework and its final publication later this year.

The Privacy Framework is a valuable tool for organizations of all types and sizes to systemically improve privacy protections for individuals in the United States and beyond. Further, its risk- and outcome-based approach provides flexibility to meet diverse privacy needs while enabling technological innovations in areas such as artificial intelligence and the Internet of Things.

We believe that this Privacy Framework will inform any comprehensive national law to strengthen privacy protections in the United States. It is an important step towards making those protections a reality and should give the public greater confidence that industry now has an effective enterprise risk management tool to enhance consumer privacy in the digital age.

Notably, the Privacy Framework:

  • Builds consumer trust by driving robust organizational accountability. The Privacy Framework creates a structured approach to assessing and implementing protections for individuals’ data that drives accountability throughout the organization, from the senior management level down to the operational and engineering level.
  • Makes it easier and more desirable for organizations to implement privacy protections. The Privacy Framework uses the same structure as the successful NIST Cybersecurity Framework, and is flexibly designed to enable organizations to integrate into existing operational controls, including product and business development operations.
  • Is interoperable with global standards, which facilitates compliance and responsible data management across an organization’s enterprise, and advances privacy protected cross border data flows, which is critical for our global digital economy.
    With a view towards continuous improvement, we are attaching additional specific comments for your consideration.

IBM commends the NIST Privacy Framework team for its dedication to what was a truly collaborative framework development process, with participation by a wide variety of stakeholders and receptivity to public feedback. We look forward to the final publication of the Privacy Framework and plan to promote its adoption.


Christina Montgomery
Chief Privacy Officer, IBM

To read more about IBM’s priorities for a national consumer privacy law, click here.

More Think Policy stories

Miracles on Four Feet

I’ve always been a “dog person,” but never knew anything about how service dogs are raised and trained, or realized how essential they are to the independence and well-being of the people who depend on them. Then my world got turned upside down. My husband, Michael – a fellow IBMer – suffered a stroke during […]

Continue reading

IBM Welcomes US-Japan Trade Agreement

IBM today issued the following statement welcoming the US-Japan trade agreement:

Continue reading

Sustaining Corporate Environmental Leadership Every Day, Every Week, Every Year

As Climate Week begins today, environmental issues are more relevant than ever. IBM has been one of industry’s earliest and staunchest corporate environmental leaders, with environmental programs that extend over 50 years. The company has sustained its commitment regardless of changes in economic cycles, business or technology. That’s because corporate environmental leadership is the right […]

Continue reading