ABA, Trade Groups Provide Recommendations on NIST’s Draft Privacy Framework

The American Bankers Association joined the Bank Policy Institute and the Securities Industry and Financial Markets Association in a comment letter to the National Institute of Standards and Technology today offering feedback on the preliminary draft of NIST’s proposed privacy framework—a voluntary tool intended to help organizations of all sizes assess privacy risk and implement solutions to ensure consumer protection.

The associations expressed support for NIST’s work thus far, including the decision to model the framework after the existing cybersecurity framework, which they encouraged in previous comments. They also outlined several recommendations as NIST continues to refine the framework. Among other things, the associations urged NIST to ensure definitions align with common privacy terms and provide a mechanism to help organizations address conflicts of law and demonstrate compliance.

“Modernization and the digitization of our economy have created numerous benefits for individuals, businesses, and society, but we must ensure all organizations take responsibility for managing and protecting individuals’ information,” the associations said. “We believe that the NIST Privacy Framework can serve as a valuable tool that organizations may use to build and adapt a privacy program that fits the size, complexity, risk profile, and unique attributes of a particular institution and their sector.”