On January 14, the Bank Policy Institute through its technology policy division known as “BITS” along with the American Bankers Association (ABA) and the Securities Industry and Financial Market Association (SIFMA) submitted a comment letter to the National Institute of Standards and Technology (NIST) on it request for information on the NIST Privacy Framework: An Enterprise Risk Management Tool. The letter expressed support for NIST’s effort and made recommendations that the Framework replicate the structure of the current Cybersecurity Framework, while also defining terminology and offering a series of standards that can guide the broader economy in managing privacy risk.
The letter also urged consideration of the complexities of the multiple legal and regulatory regimes that currently dictate how the financial services sector manages privacy risk, and encourages NIST to partner with other U.S. government agencies to more effectively harmonize the global regulatory environment.
