Privacy 12 th cacr workshop
This presentation is the property of its rightful owner.
Sponsored Links
1 / 14

Privacy 12 th CACR Workshop PowerPoint PPT Presentation


  • 114 Views
  • Uploaded on
  • Presentation posted in: General

Privacy 12 th CACR Workshop. Yim Y. Chan Chief Privacy Officer & CIO IBM Canada Ltd. w3.ibm.com/Privacy. Agenda. IBM Canada Privacy IBM Enterprise Wide Policies / Management System Privacy on demand Assessment Tool Communication Plan Road Map. How do we manage Privacy?

Download Presentation

Privacy 12 th CACR Workshop

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Privacy 12 th cacr workshop

Privacy 12th CACR Workshop

Yim Y. Chan

Chief Privacy Officer & CIO

IBM Canada Ltd.

w3.ibm.com/Privacy


Agenda

Agenda

  • IBM Canada Privacy

  • IBM Enterprise Wide Policies / Management System

  • Privacy on demand Assessment Tool

  • Communication Plan

  • Road Map


Privacy 12 th cacr workshop

  • How do we manage Privacy?

    • IT Technology Solutions

      • Tools / Applications

      • Infrastructure

      • Standards

    • Business Process Governance Model

      • Corporate Guidelines / Business Controls

      • Education / Communication

  • “Why is Privacy Good Business?”

    • Trust

      • Employees

      • Customers

    • Values

      • Processes

      • Guidelines


Ibm enterprise wide policies

IBM Enterprise Wide Policies

  • Simple, but company wide, mandatory throughout enterprise

  • Policies

    • Governs collection from all sources

    • defines use of data

    • implemented through a series of corporate instructions that

      established:

      • principles behind IBM data practices

      • Internet privacy standards

      • requirements for handling (collection, use, disclosure,

      • storage, security, access, transfer or other processing) of:

        • all employee information

        • information from customers, prospects, suppliers

        • and other business contacts

      • specific privacy rules for Web applications


Ibm enterprise privacy management system

  • Chief Privacy Officers

  • Development & Research Centres

  • Key Business Functions

  • CIO Office

Existing Private Sector

Privacy Laws

EmergingPrivate Sector

Privacy Laws

IBM Enterprise Privacy Management System


Ibm cio governance model

Enterprise Model

Market

Planning

IPD

ISC

Fulfill

CRM

Personal

Computing

Procure

Servers

Storage

Technology

Software

Customers/Suppliers

Global

Services

Global

Financing

Employees

Strategy, Architecture, Standards and Deployment Management

IBM Global Services

Canadian Privacy Assessment

on demand

IBM CIO Governance Model

  • Implementation

  • Access Control

  • Retention

  • Disclosure

  • Consent …

  • P3P

  • Scan Mail

  • Web Crawler

  • E-mail Cleansing

  • Encryption

  • Network

  • Client

  • Server

  • End User Assist

  • Privacy/Security

IT Service Provider


Privacy on demand assessment tool

Privacy on-demand Assessment Tool

  • Provides on demand impact assessment analysis and reports using a holistic approach that leverages our best practices and business insights

  • Provides on demand Assessment, Feedback and Suggested Actions to process owners

  • Delivers Consistent Repeatable Results


Privacy on demand assessments reporting

Privacy on demand Assessments - Reporting


Privacy 12 th cacr workshop

The tool first poses general questions about the process being assessed

The sensitivity of the personal information the process handles drives the required compliance level


Privacy 12 th cacr workshop

The core of the assessment is a 43-question Questionnaire

The Questionnaire is divided into “Compliance Areas” reflecting different privacy requirements

The answer closest to the real situation is picked

Answers generate a compliance gap based on the information sensitivity


Privacy 12 th cacr workshop

Summary reports can be generated which roll results up to a Business Unit or Company level


Privacy communication initiatives

Privacy Communication Initiatives

Objectives

  • Engage employees in embracing IBM Canada’s philosophy on privacy

  • Provide employees with a clear understanding of our obligations and our commitment to comply with the federal legislation as well as IBM’s policies / instructions

    Strategy

  • Deliver the right messages to the right audiences at the right time

  • General IBM Population

  • Awareness Campaign

  • Posters

  • IBM Canada homepage

    - web articles/contest

    - presentation on the web

    Targeted Employee Audiences

  • Profile Holding Managers

  • Targeted Employee

  • Audiences

  • Procurement

  • CSO

  • ibm.com

  • SDC

  • HR

  • Client reps

  • Business Process

  • Owners and Privacy

  • Focal Points

  • Process assessment

  • Training sessions

  • Executive Team

  • Quarterly updates

ongoing

ongoing

April – September

( 15 sessions

5785 employees)

October - November


Road map

Controls

Communication

Corporate Polices/Guidelines

Compliance

Road Map

2002

2003

2004

Privacy Health-Checks

Self-Assessments

Score-card

Access Process

Business Partners

Business Units

Employees

Managers

Customers

Policy Statement

Architecture/Standards

Privacy Tools

Guidelines

Provincial Legislation

Quebec British Columbia Alberta Ontario

PIPEDA

"Substantially Similar"


In summary

In Summary …

  • Privacy is Good Business

    • Creates trust

    • Builds values

  • Implemented through tools and technology to automate privacy compliance

  • Managed through a worldwide governance model for privacy adherence

  • Tracked through processes and roadmap for privacy improvements


  • Login