Press Release

U.S. to Help Define New International Standard for Consumer Privacy by Design

Amazon, American Express, Apple, Axiomatics, Bank of America, BigID, Cisco, Comcast, Deloitte, DocuSign, Dropbox, Equifax, Experian, Ernst & Young, Facebook, Ford, Google, IBM, Ionic Security, JPMorgan Chase, Kaiser Permanente, KPMG, MailChimp, Mastercard, Microsoft, OneTrust, PwC, Return Path, Riot Games, Sentinel, State Street, Sumo Logic, Tesla, TransUnion, TrustArc, Uber, US NIST, Verizon, Walmart, WireWheel, and Worldpay Form US Technical Advisory Group Under ANSI and OASIS to ISO/PC 317

Oct 9, 2018 – Defining international standards for privacy is critical for the future of global commerce. To support this cause, many of America’s leading companies and government agencies are collaborating to help define the new international standard for “Consumer Protection: Privacy by Design”. The standard will be part of ISO Project Committee 317. As one of 12 countries with Participant status in ISO/PC 317, the United States will be represented by its Technical Advisory Group (TAG), administered by the American National Standards Institute (ANSI) in partnership with the OASIS standards and open source consortium. Members of the U.S. TAG represent America’s leading companies and government agencies committed to privacy rights for consumers.

“ISO/PC 317 will complement the efforts of the European GDPR standard aiming to aid in the prevention of data breaches while giving consumers more control over the use of their data,” said Rik Parker of KPMG, chair of the U.S. TAG to ISO/PC 317. “By being involved from the outset, the U.S. can be sure that this international standard is practical, well-conceived, and adoptable across complex organizations.”

“The implementation of data privacy principles and data protection requirements into an organization’s business processes has become one of the most complex business challenges of the 21st century,” said Debra Farber of BigID, vice chair of the U.S TAG to ISO/PC 317. “I consider it a tremendous honor to contribute to the establishment of a global set of regulatory-agnostic guidelines that embed privacy into products and services by design and default.”

“It’s a huge endeavor—but one we have to take on now,” added Aris Gkoulalas-Divanis of IBM Watson Health, vice chair of the U.S. TAG to ISO/PC 317. “Every organization that deals with consumer data is going to be impacted by the standard we produce in ISO/PC 317. State-of-the-art privacy enhancing technologies, including privacy and security controls, should be incorporated into product design to offer end-to-end privacy protection while allowing products to deliver on their intended functionality.”

In addition to the U.S., 11 other countries, including the U.K., China, Canada, and Korea, have a voice in establishing this global standard. The first meeting of ISO/PC 317 will be held in London, Nov 1-2, 2018.

Representation on the U.S. TAG to ISO/PC 317 is open to U.S.-based companies, national and local government agencies, and researchers that digitally collect or process consumer data.

More information on the U.S. TAG to ISO/PC 317 is at:

Support from U.S. TAG members

American Express
“At American Express, we have a long-standing commitment to protecting the privacy and data of our customers. We are proud to support ISO/PC 317 and believe that consumer privacy rights are at the core of technological innovation.”
— Louise Thorpe, Chief Privacy Officer, American Express

“As part of Equifax’s ongoing transformation and commitment to data security, we’re continuing to put the consumer at the forefront of everything we do. The advisory committee will provide a forum for sharing what we’ve learned over the past year, and together as a team of experts, we can incorporate those learnings into a global framework that will ultimately enhance the privacy of personal data.”
— Nick Oldham, Chief Privacy and Data Governance Officer, Equifax

“As a company committed to safeguarding personal data and helping small businesses grow and succeed, we have embraced privacy by design as a core principle. We are pleased to participate in the U.S. Technical Advisory Group to ISO/PC 317 as a voice for our small business customers, and to collaborate in shaping the new privacy by design standard to be accessible to small businesses and scalable for their unique needs.”
— Meghan Farmer, Data Protection Officer, MailChimp

“Privacy by Design is the cornerstone of our privacy strategy at Mastercard, and we believe it is essential to effectively protect individuals’ privacy while enabling future innovation. The work of the U.S. TAG in support of ISO/PC 317 will be critical to provide organizations with practical guidance to operationalize Privacy by Design.”
— Caroline Louveaux, Mastercard’s Chief Privacy Officer

“Privacy laws are a baseline. Companies that want to set themselves apart need to gain the trust of their customers by designing with privacy in mind throughout the entire development life cycle. ISO/PC 317 will be an excellent tool to convert that aspiration into action. OneTrust is proud to be a part of the working group developing ISO/PC 317 and we look forward to working with other industry leaders to develop what is likely to be the gold standard for privacy by design.”
— Andrew Clearwater, Director of Privacy, OneTrust

Return Path
“In today’s interconnected world, we know that consumers are concerned about their privacy and how their data is being used. This fear creates a lack of trust, which isn’t healthy for any business. At Return Path, privacy has always been a top priority. We’re proud to participate in the ISO/PC 317, and we believe the committee’s work will enhance consumer trust, while also enforcing compliance with applicable regulations.”
— Dennis Dayman, Chief Privacy and Security Officer, Return Path

“Privacy by design as well as ethical privacy practices and processes can enhance technology innovation. Uber looks forward to helping create a global approach to consumer privacy standards that create better products and user experiences.”
— Ruby Zefo, Chief Privacy Officer, Uber

“Verizon looks forward to working with the other members of the U.S. TAG to contribute to the development of the ISO privacy by design standard.”
— Karen Zacharia, Chief Privacy Officer, Verizon

“WireWheel’s mission is to help our customers show that they are outstanding custodians of personal information. We are proud to be a founding member of the Privacy by Design ISO US Technical Advisory Group. This ISO Project Committee has a real opportunity to further Privacy by Design for all companies by setting standards for including privacy in products and services.”
– Justin Antonipillai, CEO, WireWheel

About ANSI

The American National Standards Institute (ANSI) is a private non-profit organization whose mission is to enhance U.S. global competitiveness and the American quality of life by promoting, facilitating, and safeguarding the integrity of the voluntary standardization and conformity assessment system. Its membership is comprised of businesses, professional societies and trade associations, standards developers, government agencies, and consumer and labor organizations. The Institute represents and serves the diverse interests of more than 270,000 companies and organizations and 30 million professionals worldwide. ANSI is the official U.S. representative to the International Organization for Standardization (ISO) and, via the U.S. National Committee, the International Electrotechnical Commission (IEC).


OASIS is one of the most respected, member-driven standards bodies in the world. It offers standards and open source projects a path to recognition in international policy and procurement. OASIS has a broad technical agenda encompassing cybersecurity, privacy, cryptography, cloud computing, IoT, legal, emergency management, augmented reality, and more. Any initiative for developing code, APIs, specifications, or reference implementations can find a home at OASIS. Each project operates independently under industry-approved process and IPR policies. Some of the most widely adopted OASIS Standards include AMQP, CAP, CMIS, DITA, DocBook, KMIP, MQTT, OpenC2, OpenDocument, PKCS, SAML, STIX, TAXII, TOSCA, UBL, and XLIFF. Many of these have gone on to be published as ISO, IEC, or ITU standards. New work is encouraged, and all are welcome to participate. OASIS members can be found in 100+ countries on virtually every continent. Major multinational companies, SMEs, government agencies, universities, research institutions, consulting groups, and individuals are represented.

# # #

Media inquiries:; +1.941.284.0403