NIST Privacy Framework: Preliminary Draft Comments

Summary

SIFMA, the Bank Policy Institute through its technology policy division known as “BITS,” and the American Bankers Association (ABA) provide comments to the U.S. Department of Commerce on the National Institute of Standards and Technology’s (NIST) preliminary draft of the Privacy Framework.

Also, see: Press Release – SIFMA, BPI and ABA Provide Recommendations to NIST on Draft Privacy Framework, October 24, 2019

Submitted To

Department of Commerce

Submitted By

SIFMA, BPI, ABA

Date

October 24, 2019

Excerpt

October 24, 2019

Via Electronic Mail
The Honorable Walter G. Copan
Under Secretary of Commerce for Standards and Technology and NIST Director
U.S. Department of Commerce
Washington D.C. 20230

Re: NIST Privacy Framework: Preliminary Draft Comments (84 FR 47255)

Dear Dr. Copan:

The Bank Policy Institute through its technology policy division known as “BITS,” the American Bankers Association (ABA), and the Securities Industry and Financial Markets Association (SIFMA) (collectively, the Associations)1 appreciate the opportunity to comment on the National Institute of Standards and Technology’s (NIST) preliminary draft of the Privacy Framework. The Privacy Framework is an important effort that will heighten awareness and help organizations of all sizes better protect sensitive data and improve privacy outcomes for consumers.

I. Executive Summary

The financial services sector is strongly committed to the protection of individuals’ data and has long been subject to legal and regulatory requirements to protect the privacy, security, and confidentiality of customer information.2 We believe the NIST Privacy Framework will help other organizations not subject to similar requirements improve their awareness of privacy risks and implement a governance structure to more effectively manage and communicate the risks inherent in holding and processing consumer data.

In the Associations’ previous submission3, we encouraged NIST to use similar structures identified in the Cybersecurity Framework (CSF); to recognize that domestic and international privacy laws and requirements already exist and create an imperative to harmonize efforts; and to assist in developing clear definitions and a common lexicon.

1 See Annex A for a description of the Associations
2 For a discussion of the financial sector’s legal and regulatory requirements, please see the Associations’ letter to NTIA’s “Developing the Administration’s Approach to Consumer Privacy” https://www.ntia.doc.gov/files/ntia/publications/financial_trades_ntia_comment_letter_nov_8_2019.pdf
3 See the Associations’ letter dated January 14, 2019 https://bpi.com/wp-content/uploads/2019/01/Financial-Trades-NIST-Privacy-Framework-Letter.pdf