© 2003 IBM Corporation Privacy 12 th CACR Workshop Yim Y. Chan Chief Privacy Officer & CIO IBM Canada Ltd. w3.ibm.com/Privacy.

Slides:

Advertisements

Similar presentations

Learning from our experience - A journey with a lot of hard work - Its about changing backend processes more than putting up websites.

Advertisements

IBM Corporate Environmental Affairs and Product Safety

DELIVERING SHAREPOINT AS A SERVICE

Technology Communications

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.

© 2003 IBM Corporation Preparing for Privacy Society of Internet Professionals January 19, 2004 Nigel Brown Senior Privacy.

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

PRODUCT FOCUS 4/14/14 – 4/25/14 INTRODUCTION Our Product Focus for the next two weeks is Microsoft Office 365. Office 365 is Microsoft’s most successful.

Ontario’s New Accessibility Requirements The Accessibility for Ontarians with Disabilities Act (the “AODA”) seeks to improve accessibility for people with.

Mark S. Hayes – Blake, Cassels & Graydon LLP Privacy and Security – Some Observations Mark S. Hayes, Blake, Cassels & Graydon LLP 7th CACR Privacy and.

Chief Information Officer Branch Gestion du dirigeant principal de l’information “We will have a world class public key infrastructure in place” Prime.

THE RIGHT TECHNOLOGY IN INVESTOR RELATIONS: WHAT TO DO ONLINE? THOMSON REUTERS Alex Ménage Head of Business Development Corporate Services Rapidly Developing.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

Centers for IBM e-Business Innovation :: Chicago © 2005 IBM Corporation IBM Project October 2005.

1 Office of theCommissariat Privacy Commissionerà la protection de of Canadala vie privée du Canada Personal Information Protection and Electronic Documents.

Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.

© Experian CheetahMail All rights reserved. Confidential and proprietary. 1 © Experian Information Solutions, Inc All rights reserved. Confidential.

July 25, 2005 PEP Workshop, UM A Single Sign-On Identity Management System Without a Trusted Third Party Brian Richardson and Jim Greer ARIES Lab.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Class Discussion Notes MKT March 27, 2001.

LAW SEMINARS INTERNATIONAL New Developments in Internet Marketing & Selling November 13 & 14, 2006 San Francisco, California Moderator : Maureen A. Young.

Information Security Governance 25 th June 2007 Gordon Micallef Vice President – ISACA MALTA CHAPTER.

Name of presenter(s) or subtitle Privacy laws and their impact on research David W. Stark MRIA B.C. Chapter November 2, 2005.

Standard Bank of South Africa Towards a Knowledge Economy Presenter: Cassim Parak Chief Executive Officer e.com institute.

A NASSCOM ® Initiative DSCI-KPMG Survey 2010 State Of Data Security and Privacy in the Indian Banking Industry Vinayak Godse Director- Data Protection,

© 2012 IBM Corporation Symposium on Digital Curation 0 The Future Workforce Steven Miller IBM.

Case Studies Netstar Solution ImagicTV Inc. Delano Technology Corp. FloNetwork Inc.

TELUS Work Styles Copyright © TELUS Corporation. All rights reserved. Neither the whole nor any part of this work maybe copied, scanned, reproduced, or.

Improving Performance Through Integrated Analytics (iAnalytics) Lori Watson Principal Consultant IBM Business Consulting Services October 29, 2002.

Campaign Readiness Project Overview Enabling a structured, scalable approach to customer-centric campaigns.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

©2011 IBM Corporation Accessibility at IBM: An integrated, holistic approach IBM’s Accessibility Transformation Initiative.

Part 6 – Special Legal Rights and Relationships Chapter 35 – Privacy Law Prepared by Michael Bozzo, Mohawk College © 2015 McGraw-Hill Ryerson Limited 34-1.

Canadian Advertising in Action, 6th ed. Keith J. Tuckwell ©2003 Pearson Education Canada Inc Elements of the Internet World Wide Web World.

September 12, 2004 Simplifying the Administration of HIPAA Security Angel Hoffman, RN, MSN Director, Corporate Compliance University of Pittsburgh Medical.

The Impact of Privacy on HP’s Customer Relationship Management Solution Mike Overly Vice President, Marketing © 2003 Hewlett-Packard Development Company,

Chemistry making a world of difference Responsible Care ® - Thrusts in Europe Dr Richard Robson Cefic Director APRCC, Manila, Philippines 17 th November.

The CSO’s IT Strategy – using the GSBPM to support good governance MSIS 2010 – Daejeon April 2010 Joe Treacy Central Statistics Office.

Settling the Frontier: The Convergence and Impact of Privacy and Security Practices Chris Israel Deputy Assistant Secretary for Technology Policy U.S.

PIPEDA and Receivables Management Robin Gould-Soil Receivables Management Association of Canada November 16, 2011.

G:\99Q3\9220\PD\AJD2.PPT 1 Harriet P. Pearson Chief Privacy Officer IBM February 7, 2003 IBM.

© 2005 IBM Corporation IBM Business-Centric SOA Event SOA on your terms and our expertise Operational Efficiency Achieved through People and SOA Martin.

ESTABLISHING A MANUFACTURING ENTERPRISE Can you create and run a manufacturing enterprise?

1 Platform for Privacy Preferences and RBC Financial Group Della Shea Manager Enterprise Web Compliance RBC Financial Group P3P Implementation Workshop.

0 Archived presentation - 14 October This presentation may be deemed to include forward- looking statements relating to Reuters within the meaning.

Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.

Session led by CIO 1 Improving Change Enablement: Program Sponsorship Awareness Session.

The CSO’s IT Strategy and the GSBPM IT Directors Group October 2010 Joe Treacy Central Statistics Office Ireland.

John Weigelt, MEng, PEng, CISSP, CISM National Technology Officer Microsoft Canada November 2005 Fighting Fraud Through Data Governance.

Data protection—training materials [Name and details of speaker]

1 Data Warehouse Assessments What, Why, and How Noah Subrin Technical Lead SRA International April 24, 2010.

1 ECM APPLICATIONS AND SOLUTIONS - PART 1 MODULE 8 ECM SPECIALIST COURSE 1 Copyright AIIM.

© Akaza Research, LLC : 1 :: 10 Professional open source for clinical research.

Contents Playbook Objectives Playbook Value Details Playbook Design

Government Relations and Public Affairs Consulting

Data Minimization Framework

Decrypting Data Compliance in China

Vertex & EnterpriseOne

Marketing Operations Leverages Scalable and Secure Machine Learning, Big Data from Azure “We deal with large streams of sensitive data from our users,

General Counsel and Chief Privacy Officer

ECT 589: E-Commerce Management

Managing Privacy Risk in Your Commercial Practices

In the attack index…what number is your Company?

WORKSHOP Establish a Communication and Training Plan

Presentation transcript:

© 2003 IBM Corporation Privacy 12 th CACR Workshop Yim Y. Chan Chief Privacy Officer & CIO IBM Canada Ltd. w3.ibm.com/Privacy

12 th CACR Workshop | © 2003 IBM Corporation 2 Agenda  IBM Canada Privacy  IBM Enterprise Wide Policies / Management System  Privacy on demand Assessment Tool  Communication Plan  Road Map

12 th CACR Workshop | © 2003 IBM Corporation 3 How do we manage Privacy?  IT Technology Solutions Tools / Applications Infrastructure Standards  Business Process Governance Model Corporate Guidelines / Business Controls Education / Communication “Why is Privacy Good Business?”  Trust Employees Customers  Values Processes Guidelines

12 th CACR Workshop | © 2003 IBM Corporation 4 IBM Enterprise Wide Policies n Simple, but company wide, mandatory throughout enterprise n Policies  Governs collection from all sources  defines use of data  implemented through a series of corporate instructions that established: principles behind IBM data practices Internet privacy standards requirements for handling (collection, use, disclosure, storage, security, access, transfer or other processing) of:  all employee information  information from customers, prospects, suppliers and other business contacts specific privacy rules for Web applications

12 th CACR Workshop | © 2003 IBM Corporation 5 IBM Enterprise Privacy Management System Existing Private Sector Privacy Laws Emerging Private Sector Privacy Laws Chief Privacy Officers Development & Research Centres Key Business Functions CIO Office

12 th CACR Workshop | © 2003 IBM Corporation 6 IBM CIO Governance Model Employees Personal Computing Servers Storage Technology Software Global Services Global Financing Market Planning Customers/Suppliers Enterprise Model IPD ISC Procure CRMFulfill Strategy, Architecture, Standards and Deployment Management IBM Global Services Network Client Server End User Assist Privacy/Security P3P Scan Mail Web Crawler Cleansing Encryption IT Service Provider Canadian Privacy Assessment on demand Implementation Access Control Retention Disclosure Consent …

12 th CACR Workshop | © 2003 IBM Corporation 7 Privacy on-demand Assessment Tool  Provides on demand impact assessment analysis and reports using a holistic approach that leverages our best practices and business insights  Provides on demand Assessment, Feedback and Suggested Actions to process owners  Delivers Consistent Repeatable Results

12 th CACR Workshop | © 2003 IBM Corporation 8 Privacy on demand Assessments - Reporting

12 th CACR Workshop | © 2003 IBM Corporation 9 The tool first poses general questions about the process being assessed The sensitivity of the personal information the process handles drives the required compliance level

12 th CACR Workshop | © 2003 IBM Corporation 10 The core of the assessment is a 43-question Questionnaire The Questionnaire is divided into “Compliance Areas” reflecting different privacy requirements Answers generate a compliance gap based on the information sensitivity The answer closest to the real situation is picked

12 th CACR Workshop | © 2003 IBM Corporation 11 Summary reports can be generated which roll results up to a Business Unit or Company level

12 th CACR Workshop | © 2003 IBM Corporation 12  Privacy Communication Initiatives Objectives  Engage employees in embracing IBM Canada’s philosophy on privacy  Provide employees with a clear understanding of our obligations and our commitment to comply with the federal legislation as well as IBM’s policies / instructions Strategy  Deliver the right messages to the right audiences at the right time Executive Team Quarterly updates Business Process Owners and Privacy Focal Points Process assessment Training sessions Targeted Employee Audiences Procurement CSO ibm.com SDC HR Client reps General IBM Population Awareness Campaign Posters IBM Canada homepage - web articles/contest - presentation on the web Targeted Employee Audiences Profile Holding Managers ongoing April – September ( 15 sessions 5785 employees) October - November

12 th CACR Workshop | © 2003 IBM Corporation 13 Road Map Controls Communication Corporate Polices/Guidelines Compliance Business Units Managers Employees Customers Policy Statement Privacy Tools Architecture/Standards Guidelines Provincial Legislation "Substantially Similar" Quebec British Columbia Alberta Ontario PIPEDA Self-Assessments Score-card Privacy Health-Checks Access Process Business Partners

12 th CACR Workshop | © 2003 IBM Corporation 14 In Summary …  Privacy is Good Business Creates trust Builds values  Implemented through tools and technology to automate privacy compliance  Managed through a worldwide governance model for privacy adherence  Tracked through processes and roadmap for privacy improvements