Privacy 12th CACR Workshop

Privacy 12th CACR Workshop. Yim Y. Chan, Chief Privacy Officer & CIO, IBM Canada Ltd. w3.ibm.com/Privacy. Agenda: IBM Canada Privacy; IBM Enterprise Wide Policies / Management System; Privacy on demand Assessment Tool; Communication Plan; Road Map. How do we manage Privacy?

Presentation Transcript


  1. Privacy 12th CACR Workshop. Yim Y. Chan, Chief Privacy Officer & CIO, IBM Canada Ltd. w3.ibm.com/Privacy

  2. Agenda
     • IBM Canada Privacy
     • IBM Enterprise Wide Policies / Management System
     • Privacy on demand Assessment Tool
     • Communication Plan
     • Road Map

  3. How do we manage Privacy?
     • IT Technology Solutions
     • Tools / Applications
     • Infrastructure
     • Standards
     • Business Process Governance Model
     • Corporate Guidelines / Business Controls
     • Education / Communication
     • “Why is Privacy Good Business?”
     • Trust
     • Employees
     • Customers
     • Values
     • Processes
     • Guidelines

  4. IBM Enterprise Wide Policies
     Simple, but company wide, mandatory throughout enterprise
     • Policies
     • Governs collection from all sources
     • Defines use of data
     • Implemented through a series of corporate instructions that established:
       • principles behind IBM data practices
       • Internet privacy standards
       • requirements for handling (collection, use, disclosure, storage, security, access, transfer or other processing) of:
         • all employee information
         • information from customers, prospects, suppliers and other business contacts
       • specific privacy rules for Web applications

  5. Chief Privacy Officers • Development & Research Centres • Key Business Functions • CIO Office • Existing Private Sector Privacy Laws • Emerging Private Sector Privacy Laws • IBM Enterprise Privacy Management System

  6. Enterprise Model Market Planning IPD ISC Fulfill CRM Personal Computing Procure Servers Storage Technology Software Customers/Suppliers Global Services Global Financing Employees Strategy, Architecture, Standards and Deployment Management IBM Global Services Canadian Privacy Assessment on demand IBM CIO Governance Model • Implementation • Access Control • Retention • Disclosure • Consent … • P3P • Scan Mail • Web Crawler • E-mail Cleansing • Encryption • Network • Client • Server • End User Assist • Privacy/Security IT Service Provider

  7. Privacy on-demand Assessment Tool
     • Provides on demand impact assessment analysis and reports using a holistic approach that leverages our best practices and business insights
     • Provides on demand Assessment, Feedback and Suggested Actions to process owners
     • Delivers Consistent Repeatable Results

  8. Privacy on demand Assessments - Reporting

  9. The tool first poses general questions about the process being assessed. The sensitivity of the personal information the process handles drives the required compliance level.

  10. The core of the assessment is a 43-question Questionnaire. The Questionnaire is divided into “Compliance Areas” reflecting different privacy requirements. The answer closest to the real situation is picked. Answers generate a compliance gap based on the information sensitivity.

  11. Summary reports can be generated which roll results up to a Business Unit or Company level

  12. Privacy Communication Initiatives
      Objectives
      • Engage employees in embracing IBM Canada’s philosophy on privacy
      • Provide employees with a clear understanding of our obligations and our commitment to comply with the federal legislation as well as IBM’s policies / instructions
      Strategy
      • Deliver the right messages to the right audiences at the right time
      • General IBM Population
      • Awareness Campaign
      • Posters
      • IBM Canada homepage - web articles/contest - presentation on the web
      Targeted Employee Audiences
      • Profile Holding Managers
      • Targeted Employee Audiences
      • Procurement
      • CSO
      • ibm.com
      • SDC
      • HR
      • Client reps
      • Business Process Owners and Privacy Focal Points
      • Process assessment
      • Training sessions
      • Executive Team
      • Quarterly updates
      ongoing • ongoing • April – September (15 sessions, 5785 employees) • October - November

  13. Controls Communication Corporate Policies/Guidelines Compliance Road Map 2002 2003 2004 Privacy Health-Checks Self-Assessments Score-card Access Process Business Partners Business Units Employees Managers Customers Policy Statement Architecture/Standards Privacy Tools Guidelines Provincial Legislation Quebec British Columbia Alberta Ontario PIPEDA "Substantially Similar"

  14. In Summary …
      • Privacy is Good Business
      • Creates trust
      • Builds values
      • Implemented through tools and technology to automate privacy compliance
      • Managed through a worldwide governance model for privacy adherence
      • Tracked through processes and roadmap for privacy improvements
