However, she doesn't think government regulation is necessarily the answer.
"This is better for companies to self-regulate," Rometty said on "Power Lunch."
Her comments come as Facebook continues to face heat from reports that conservative research firm Cambridge Analytica improperly gained access to data from 50 million Facebook profiles before the 2016 presidential election.
Facebook shares were down for the second day in a row Tuesday.
The social media giant has maintained that the mishandling of data was the result of abuse on the part of Cambridge Analytica and app developer Aleksandr Kogan. Cambridge Analytica has denied violating Facebook's terms of service. Cambridge Analytica's board said Tuesday it had suspended CEO Alexander Nix.
On Monday, Bloomberg reported the Federal Trade Commission is investigating the incident. U.K. officials are also conducting a probe.
Meanwhile, Facebook will brief members of congressional intelligence committees, commerce committees and judiciary committees on Tuesday and Wednesday, NBC News reported.
"If the industry won't solve these kinds of problems themselves, we'll have to solve them with legislation. I don't think that's the most desirable course of action but you can't have 50 million people lose the privacy of their data this way," Sen. Dianne Feinstein, D-Calif., said earlier Tuesday.
Rometty said it is an issue that applies to all companies, not just tech.
"Every company has to be very clear about their data principals, opt in, opt out, you have to be very clear and then very clear about how you steward security," she said.
— CNBC's Sara Salinas contributed to this report.