Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2003 IBM Corporation www.ibm.com/security/privacy Preparing for Privacy Society of Internet Professionals January 19, 2004 Nigel Brown Senior Privacy.

Published byVeronica Morgan Modified over 9 years ago

Similar presentations

Presentation on theme: "© 2003 IBM Corporation www.ibm.com/security/privacy Preparing for Privacy Society of Internet Professionals January 19, 2004 Nigel Brown Senior Privacy."— Presentation transcript:

1 © 2003 IBM Corporation www.ibm.com/security/privacy Preparing for Privacy Society of Internet Professionals January 19, 2004 Nigel Brown Senior Privacy Consultant IBM Global Services

2 Preparing for Privacy © 2003 IBM Corporation 2 Privacy Commissioners 2001-2 Report Introductory comments on PIPEDA... "Privacy code only the beginning It is the rare organization nowadays that isn't greatly concerned about the privacy rights of individuals -- on paper, at least. Most corporate brochures and Web sites proudly proclaim a privacy code, ostensibly in full compliance with corporate obligations under the PIPED Act. What our complaint investigations are showing, however, is that some organizations have been less than thorough about putting their codes into practice. A privacy code is pointless without comprehensive and detailed policies and procedures, and these in turn are pointless unless they are known and consistently observed and applied. The privacy violations that give rise to complaints are often attributable to problems or defects in an organization's information-handling processes or system as a whole. Such problems are themselves often caused by failure on an organization's part to grasp, or turn its attention to, the practical implications of the PIPED Act's principles. Sometimes, too, the problems derive from unquestioned adherence to traditional practices that may no longer be acceptable under the Act."

3 Preparing for Privacy © 2003 IBM Corporation 3 Privacy Commissioners 2001-2 Report Most common findings...  Overarching theme: Not Operationalizing Privacy Not putting operational procedures in place  Not appointing a Privacy Officer  Not knowing how to handle access requests and privacy complaints Not meeting the time limit  Keeping information too long or not long enough  Not limiting collection to what is necessary Especially unnecessary collection of SIN Not re-visiting old practices  Not identifying purpose Not documented, not presented before collection, employees can't explain  Not instituting proper safeguards Inadequate authorization, transmission security, "need to know"  Not recognizing employee privacy rights

4 Preparing for Privacy © 2003 IBM Corporation 4 What the Leaders are Doing  Senior Management Commitment –Recognition as a strategic issue - senior managers committed, involved, informed –Chief Privacy Officer is a senior officer and/or has direct access to top levels  Setting High Minimum Standards Across the Enterprise –A response to multiple sets of regulations –Adopt best practices on the core principles –Minimal local customization where necessary  Active Externally –Gain a voice in the public policy debate –Gain external benchmarks: –Leverage trade associations, industry organizations –Attend conferences, get independent/external view, share  Making Privacy part of Customer/Employee Loyalty Strategy –Viewing privacy as one end of the preference spectrum –Moving from compliance to opportunity

5 Preparing for Privacy © 2003 IBM Corporation 5 What the Leaders are Doing  Approaching as an Ongoing Business Requirement –Permanent cross-functional steering committees, teams –Systematic, repeatable assessment against objectives –Tracking legislative, marketplace, customer, technology trends  Process Focus –Detailed risk/opportunity analysis of personal information handling processes –Developing Privacy Specific Processes, ex: Access to personal information  Making Privacy Systemic, Embedded –Building privacy considerations into all key process and compliance checkpoints –Assigning ownership at all levels  Leveraging Technology –Identifying where technology can provide risk mitigation and opportunity enhancement –Extending Enterprise Architecture to include Privacy Architecture

6 Preparing for Privacy © 2003 IBM Corporation 6 PIA Tool Reports

7 Preparing for Privacy © 2003 IBM Corporation 7  Description –A review of a company's website privacy management practices to create trust among website users to ensure that appropriate privacy and security measures are taken and are visible to the user –Use of best-of-breed automated platform to test for privacy compliance  Deliverable –A comprehensive, web-based report identifying: Privacy Website Assessment Offering

8 Preparing for Privacy © 2003 IBM Corporation 8 Key Components of the GoA Privacy Architecture Identity Protection Component (IDPC) How should we index personal information? Privacy Taxonomy How should we classify personal information? Glossary How do we communicat e privacy requirements and issues? Privacy Transformation How do we transform personal information to less sensitive forms? Privacy Design Guidance How do we make privacy- smart IT design and acquisition decisions? Active Privacy Architecture How do we use technology to manage privacy in real-time? Data Placement Where should we place personal data in our IT infrastructure?

9 Preparing for Privacy © 2003 IBM Corporation 9 20% 13% 11%.... please Questions???

Download ppt "© 2003 IBM Corporation www.ibm.com/security/privacy Preparing for Privacy Society of Internet Professionals January 19, 2004 Nigel Brown Senior Privacy."

Similar presentations

Implementing a Behavior Based Safety Process at Rockwell Automation

Implementing a Behavior Based Safety Process at Rockwell Automation
Organizational Governance

Organizational Governance
STRATEGIC PLANNING FOR Post-Clearance Audit (PCA)

STRATEGIC PLANNING FOR Post-Clearance Audit (PCA)
SEMINAR NAIC/ASSAL/SVS REGULATION & SUPERVISION OF MARKET CONDUCT © 2014 National Association of Insurance Commissioners Overview and Purpose of Market.

SEMINAR NAIC/ASSAL/SVS REGULATION & SUPERVISION OF MARKET CONDUCT © 2014 National Association of Insurance Commissioners Overview and Purpose of Market.
Sept. 2012 Topics of interest & risk in our industry today Christine Scaini Compliance Consultant Market Conduct Compliance.

Sept Topics of interest & risk in our industry today Christine Scaini Compliance Consultant Market Conduct Compliance.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
BNSF Ethics and Compliance Program Roger Nober Executive Vice President Law and Secretary July 13, 2011.

BNSF Ethics and Compliance Program Roger Nober Executive Vice President Law and Secretary July 13, 2011.
What’s Next What We believe Who We Are Cloud Computing Big data Mobility Social Enterprise.

What’s Next What We believe Who We Are Cloud Computing Big data Mobility Social Enterprise.
Global Information Systems

Global Information Systems
IBM Global Services © 2003 IBM Corporation Privacy Technology and the Public Sector CACR Conference November 6, 2003 IBM Global Services.

IBM Global Services © 2003 IBM Corporation Privacy Technology and the Public Sector CACR Conference November 6, 2003 IBM Global Services.
© 2003 IBM Corporation Privacy 12 th CACR Workshop Yim Y. Chan Chief Privacy Officer & CIO IBM Canada Ltd. w3.ibm.com/Privacy.

© 2003 IBM Corporation Privacy 12 th CACR Workshop Yim Y. Chan Chief Privacy Officer & CIO IBM Canada Ltd. w3.ibm.com/Privacy.
Information Systems Security Officer

Information Systems Security Officer
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Certified Business Process Professional (CBPP®)

Certified Business Process Professional (CBPP®)
Auditing II Unit 1 : Audit Procedures Unit 2: Audit of Limited Companies Unit 3: Audit of Government Companies.

Auditing II Unit 1 : Audit Procedures Unit 2: Audit of Limited Companies Unit 3: Audit of Government Companies.
Opportunities & Implications for Turkish Organisations & Projects

Opportunities & Implications for Turkish Organisations & Projects
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
The Importance of Transparency and Disclosure Presented by Brian S. Brown Seoul, Korea - March 1999 OECD Conference: Corporate Governance in Asia.

The Importance of Transparency and Disclosure Presented by Brian S. Brown Seoul, Korea - March 1999 OECD Conference: Corporate Governance in Asia.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Similar presentations

Ads by Google