Privacy 12 th cacr workshop
Download
1 / 14

Privacy 12 th CACR Workshop - PowerPoint PPT Presentation


  • 152 Views
  • Uploaded on

Privacy 12 th CACR Workshop. Yim Y. Chan Chief Privacy Officer & CIO IBM Canada Ltd. w3.ibm.com/Privacy. Agenda. IBM Canada Privacy IBM Enterprise Wide Policies / Management System Privacy on demand Assessment Tool Communication Plan Road Map. How do we manage Privacy?

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Privacy 12 th CACR Workshop' - dolan


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Privacy 12 th cacr workshop

Privacy 12th CACR Workshop

Yim Y. Chan

Chief Privacy Officer & CIO

IBM Canada Ltd.

w3.ibm.com/Privacy


Agenda
Agenda

  • IBM Canada Privacy

  • IBM Enterprise Wide Policies / Management System

  • Privacy on demand Assessment Tool

  • Communication Plan

  • Road Map


  • How do we manage Privacy?

    • IT Technology Solutions

      • Tools / Applications

      • Infrastructure

      • Standards

    • Business Process Governance Model

      • Corporate Guidelines / Business Controls

      • Education / Communication

  • “Why is Privacy Good Business?”

    • Trust

      • Employees

      • Customers

    • Values

      • Processes

      • Guidelines


Ibm enterprise wide policies
IBM Enterprise Wide Policies

  • Simple, but company wide, mandatory throughout enterprise

  • Policies

    • Governs collection from all sources

    • defines use of data

    • implemented through a series of corporate instructions that

      established:

      • principles behind IBM data practices

      • Internet privacy standards

      • requirements for handling (collection, use, disclosure,

      • storage, security, access, transfer or other processing) of:

        • all employee information

        • information from customers, prospects, suppliers

        • and other business contacts

      • specific privacy rules for Web applications


Ibm enterprise privacy management system

Existing Private Sector

Privacy Laws

EmergingPrivate Sector

Privacy Laws

IBM Enterprise Privacy Management System


Ibm cio governance model

Enterprise Model

Market

Planning

IPD

ISC

Fulfill

CRM

Personal

Computing

Procure

Servers

Storage

Technology

Software

Customers/Suppliers

Global

Services

Global

Financing

Employees

Strategy, Architecture, Standards and Deployment Management

IBM Global Services

Canadian Privacy Assessment

on demand

IBM CIO Governance Model

  • Implementation

  • Access Control

  • Retention

  • Disclosure

  • Consent …

  • P3P

  • Scan Mail

  • Web Crawler

  • E-mail Cleansing

  • Encryption

  • Network

  • Client

  • Server

  • End User Assist

  • Privacy/Security

IT Service Provider


Privacy on demand assessment tool
Privacy on-demand Assessment Tool

  • Provides on demand impact assessment analysis and reports using a holistic approach that leverages our best practices and business insights

  • Provides on demand Assessment, Feedback and Suggested Actions to process owners

  • Delivers Consistent Repeatable Results



The tool first poses general questions about the process being assessed

The sensitivity of the personal information the process handles drives the required compliance level


The core of the assessment is a 43-question Questionnaire being assessed

The Questionnaire is divided into “Compliance Areas” reflecting different privacy requirements

The answer closest to the real situation is picked

Answers generate a compliance gap based on the information sensitivity



Privacy communication initiatives
Privacy Communication Initiatives Business Unit or Company level

Objectives

  • Engage employees in embracing IBM Canada’s philosophy on privacy

  • Provide employees with a clear understanding of our obligations and our commitment to comply with the federal legislation as well as IBM’s policies / instructions

    Strategy

  • Deliver the right messages to the right audiences at the right time

  • General IBM Population

  • Awareness Campaign

  • Posters

  • IBM Canada homepage

    - web articles/contest

    - presentation on the web

    Targeted Employee Audiences

  • Profile Holding Managers

  • Targeted Employee

  • Audiences

  • Procurement

  • CSO

  • ibm.com

  • SDC

  • HR

  • Client reps

  • Business Process

  • Owners and Privacy

  • Focal Points

  • Process assessment

  • Training sessions

  • Executive Team

  • Quarterly updates

ongoing

ongoing

April – September

( 15 sessions

5785 employees)

October - November


Road map

Controls Business Unit or Company level

Communication

Corporate Polices/Guidelines

Compliance

Road Map

2002

2003

2004

Privacy Health-Checks

Self-Assessments

Score-card

Access Process

Business Partners

Business Units

Employees

Managers

Customers

Policy Statement

Architecture/Standards

Privacy Tools

Guidelines

Provincial Legislation

Quebec British Columbia Alberta Ontario

PIPEDA

"Substantially Similar"


In summary
In Summary … Business Unit or Company level

  • Privacy is Good Business

    • Creates trust

    • Builds values

  • Implemented through tools and technology to automate privacy compliance

  • Managed through a worldwide governance model for privacy adherence

  • Tracked through processes and roadmap for privacy improvements


ad