IBM Comments to NIST on Privacy Framework
Share this post:
IBM’s Chief Privacy Officer Christina Montgomery submitted the following letter to Katie MacFarland of the National Institute of Standards and Technology (NIST) in support of the organization’s work to create a privacy framework.
Read the full letter below.
Subject: Developing a Privacy Framework – Docket Number 181101997–8997–01
Dear Ms. MacFarland,
IBM appreciates the opportunity to comment on the National Institute of Standards and Technology’s (NIST) Preliminary Draft of the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (“the Privacy Framework”). IBM has a long history of security and privacy leadership and responsible stewardship of new technologies based on our Trust and Transparency Principles. We strongly support the Privacy Framework and its final publication later this year.
The Privacy Framework is a valuable tool for organizations of all types and sizes to systemically improve privacy protections for individuals in the United States and beyond. Further, its risk- and outcome-based approach provides flexibility to meet diverse privacy needs while enabling technological innovations in areas such as artificial intelligence and the Internet of Things.
We believe that this Privacy Framework will inform any comprehensive national law to strengthen privacy protections in the United States. It is an important step towards making those protections a reality and should give the public greater confidence that industry now has an effective enterprise risk management tool to enhance consumer privacy in the digital age.
Notably, the Privacy Framework:
- Builds consumer trust by driving robust organizational accountability. The Privacy Framework creates a structured approach to assessing and implementing protections for individuals’ data that drives accountability throughout the organization, from the senior management level down to the operational and engineering level.
- Makes it easier and more desirable for organizations to implement privacy protections. The Privacy Framework uses the same structure as the successful NIST Cybersecurity Framework, and is flexibly designed to enable organizations to integrate into existing operational controls, including product and business development operations.
- Is interoperable with global standards, which facilitates compliance and responsible data management across an organization’s enterprise, and advances privacy protected cross border data flows, which is critical for our global digital economy.
With a view towards continuous improvement, we are attaching additional specific comments for your consideration.
IBM commends the NIST Privacy Framework team for its dedication to what was a truly collaborative framework development process, with participation by a wide variety of stakeholders and receptivity to public feedback. We look forward to the final publication of the Privacy Framework and plan to promote its adoption.
Chief Privacy Officer, IBM
To read more about IBM’s priorities for a national consumer privacy law, click here.