October 24, 2019
Via Electronic Mail
The Honorable Walter G. Copan
Under Secretary of Commerce for Standards and Technology and NIST Director
U.S. Department of Commerce
Washington D.C. 20230
Re: NIST Privacy Framework: Preliminary Draft Comments (84 FR 47255)
Dear Dr. Copan:
The Bank Policy Institute, through its technology policy division known as “BITS,” the American Bankers Association (ABA), and the Securities Industry and Financial Markets Association (SIFMA) (collectively, the Associations)1 appreciate the opportunity to comment on the National Institute of Standards and Technology’s (NIST) preliminary draft of the Privacy Framework. The Privacy Framework is an important effort that will heighten awareness and help organizations of all sizes better protect sensitive data and improve privacy outcomes for consumers.
I. Executive Summary
The financial services sector is strongly committed to the protection of individuals’ data and has long been subject to legal and regulatory requirements to protect the privacy, security, and confidentiality of customer information.2 We believe the NIST Privacy Framework will help other organizations not subject to similar requirements improve their awareness of privacy risks and implement a governance structure to more effectively manage and communicate the risks inherent in holding and processing consumer data.
In the Associations’ previous submission3, we encouraged NIST to use similar structures identified in the Cybersecurity Framework (CSF); to recognize that domestic and international privacy laws and requirements already exist and create an imperative to harmonize efforts; and to assist in developing clear definitions and a common lexicon.
1 See Annex A for a description of the Associations.
2 For a discussion of the financial sector’s legal and regulatory requirements, please see the Associations’ letter to NTIA’s “Developing the Administration’s Approach to Consumer Privacy” https://www.ntia.doc.gov/files/ntia/publications/financial_trades_ntia_comment_letter_nov_8_2019.pdf
3 See the Associations’ letter dated January 14, 2019 https://bpi.com/wp-content/uploads/2019/01/Financial-Trades-NIST-Privacy-Framework-Letter.pdf