IBM's Chief Privacy officer: What America needs in a national consumer privacy law

Today, I’m writing about privacy from a computer connected to nearly every other computer on the planet.

In a moment, I’ll walk down the hall with a device that informs me in ways unimagined not long ago, yet which has the ability to inform others of every step I take.

As IBM’s newly named Chief Privacy Officer, I’m in the business of reconciling contradictions like these, as I oversee our compliance with the laws across 175 countries in which we operate and advocate for new policies and procedures that advance the cause of consumer and client privacy.

That advocacy role got a big boost in September when our CEO, Ginni Rometty, joined 50 fellow chief executives of America’s premier corporations from the Business Roundtable by calling for the United States to adopt a national privacy law that protects consumers by expanding their current rights while fostering competitiveness and innovation.

When American businesses (including most, but not all, major tech companies) ask for consumers to have the right to exert more control over data they generate — including the right to access, correct and delete that data — we have entered a new era. The last few years have been a time of listening to people’s hopes and fears, learning new ways to innovate responsibly, and leading toward flexible and vigorous standards that will protect these rights for decades.

Now, we and our elected leaders must act.

Microsoft president: Data privacy is one of the 'fundamental freedoms of our time'

'Tech companies need to think more about it, as a society, across this country, we need to think more about it,' Brad Smith told FOX Business.

No company has ever succeeded without listening intently to its customers. In doing so, businesses large and small have begun coming to grips with the implications of collecting so much data, data that IBM and many others liken to “a new natural resource.” This natural resource has come to include people’s names and identifying information like Social Security numbers, as well as personal proof points gleaned from a specific device that could be used to identify that individual.

Does that mean me, and the places I pause in a grocery store aisle, and even the products I pick up and those I brush past? It does, and then some. Does it include health status, relationship indicators, financial records and many more of the most personal facts, preferences and insights? All of these and more are the kinds of data in question.

Like any natural resource, personal data must be protected and conserved.

Learning how to collect and manage this information is an unending process for IBM, as well as for many of our competitors and clients. In complying with existing laws, we’ve seen where they have fallen short of client and public expectations.

And one thing that American business has learned is that our nation urgently needs comprehensive, federal consumer privacy legislation. If companies are to live up to society’s expectations of trust and transparency, there must be a legal framework that is seamless across our 50 states -- and accountability measures that support these new laws.  Corporate pledges and industry best practices can’t alone police bad actors who will exploit data for their own ends without respect for consumers’ privacy.

Consumers deserve consistent privacy protections nationwide, no matter where they are or what they’re doing – from banking, shopping, reading the news or sharing experiences and stories with friends. If we want technology and the digital economy to continue propelling American innovation and leadership in the world, we need legislation to strengthen those protections now.


The U.S. technology industry has shown itself to be a tremendous creator of jobs and prosperity. Increasingly, the benefits of technology are unlocking new opportunities in communities across this country where tech jobs have been scarce at best. With well-crafted privacy legislation, we can protect and grow this economic success story and avoid patchwork approaches that stifles innovation and risks ceding America’s high-tech leadership

In 2000, IBM was the first major company in our industry to establish a Chief Privacy Officer position. We saw then the opportunity for privacy to impact our economic and social dialogue. Today, we see just as much opportunity for business and government to partner in a way that puts privacy at the forefront of America’s competitive edge.

Christina Montgomery is Chief Privacy Officer and an IBM Vice President. As CPO, Christina oversees IMB's privacy program, compliance and strategy on a global basis, and directs all aspects of IBM's privacy policies, including the IBM AI Ethics Board.