BPI, ABA, and SIFMA Provide Recommendations to NIST on Draft Privacy Framework

Media Contact:
Sean Oblack, 202.289.2456 (BPI)

Sarah Grano, 202.663.5470 (ABA)

Katrina Cavalli, 212.313.1181 (SIFMA)

For Immediate Release
October 24, 2019

Washington, D.C. — Today, BPI, through its technology policy division known as ‘BITS’, along with the American Bankers Association (ABA) and the Securities Industry and Financial Markets Association (SIFMA), submitted a comment letter to the U.S. Department of Commerce regarding the National Institute of Standards and Technology’s (NIST) preliminary draft of the Privacy Framework. The Privacy Framework is a voluntary tool designed to help organizations of all sizes identify and assess privacy risk and implement solutions to better protect consumers.

“Modernization and the digitization of our economy have created numerous benefits for individuals, businesses, and society, but we must ensure all organizations take responsibility for managing and protecting individuals’ information,” the Associations wrote in their letter. “We believe that the NIST Privacy Framework can serve as a valuable tool that organizations may use to build and adapt a privacy program that fits the size, complexity, risk profile, and unique attributes of a particular institution and their sector.”

This is the Associations’ second comment letter on the Privacy Framework. In the most recent draft of the Privacy Framework, NIST included many of the recommendations submitted in the Associations’ January 2019 joint comment letter. In today’s letter, the Associations urge NIST to further refine the Privacy Framework in the following four ways:

  1. Align definitions within the Framework to well-established privacy terms. The current draft includes a glossary of privacy terms but does not include or reference terms widely used by privacy professionals.
  2. Ensure references to ethical decision making appropriately recognize the lack of objective standards. The agency should instead adopt the approach taken within the financial sector of “responsible” use of data.
  3. Provide a mechanism to help organizations address conflicts of law and demonstrate compliance. Organizations are facing a patchwork of emerging state laws, data localization requirements, data security demands, and individual data rights, which creates inconsistencies and, at times, conflict, and poses considerable challenges that NIST could help to address.
  4. Clarify intersections of the Privacy Framework with the NIST Cybersecurity Framework (CSF). Data privacy protections and cybersecurity are interrelated, and stronger cross-references could be established, specifically with regard to breaches.



About the Bank Policy Institute
The Bank Policy Institute (BPI) is a nonpartisan public policy, research and advocacy group, representing the nation’s leading banks and their customers. Our members include universal banks, regional banks and the major foreign banks doing business in the United States. Collectively, they employ almost 2 million Americans, make nearly half of the nation’s small business loans, and are an engine for financial innovation and economic growth.

Follow us on Twitter @BankPolicy, visit https://bpi.com, and subscribe to our BPInsights weekly newsletter (at the bottom of our homepage), which summarizes our latest research, comment letters, and blog posts, and links to notable developments of the week.

About the American Bankers Association
The American Bankers Association is the voice of the nation’s $18 trillion banking industry, which is composed of small, regional and large banks. Together, America’s banks employ more than 2 million men and women, safeguard $14 trillion in deposits and extend more than $10 trillion in loans.

About SIFMA
SIFMA is the leading trade association for broker-dealers, investment banks and asset managers operating in the U.S. and global capital markets. On behalf of our industry’s nearly 1 million employees, we advocate on legislation, regulation and business policy, affecting retail and institutional investors, equity and fixed income markets and related products and services. We serve as an industry coordinating body to promote fair and orderly markets, informed regulatory compliance, and efficient market operations and resiliency. We also provide a forum for industry policy and professional development. SIFMA, with offices in New York and Washington, D.C., is the U.S. regional member of the Global Financial Markets Association (GFMA). For more information, visit http://www.sifma.org.