Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2003 IBM Corporation Privacy 12 th CACR Workshop Yim Y. Chan Chief Privacy Officer & CIO IBM Canada Ltd. w3.ibm.com/Privacy.

Similar presentations


Presentation on theme: "© 2003 IBM Corporation Privacy 12 th CACR Workshop Yim Y. Chan Chief Privacy Officer & CIO IBM Canada Ltd. w3.ibm.com/Privacy."— Presentation transcript:

1 © 2003 IBM Corporation Privacy 12 th CACR Workshop Yim Y. Chan Chief Privacy Officer & CIO IBM Canada Ltd. w3.ibm.com/Privacy

2 12 th CACR Workshop | © 2003 IBM Corporation 2 Agenda  IBM Canada Privacy  IBM Enterprise Wide Policies / Management System  Privacy on demand Assessment Tool  Communication Plan  Road Map

3 12 th CACR Workshop | © 2003 IBM Corporation 3 How do we manage Privacy?  IT Technology Solutions Tools / Applications Infrastructure Standards  Business Process Governance Model Corporate Guidelines / Business Controls Education / Communication “Why is Privacy Good Business?”  Trust Employees Customers  Values Processes Guidelines

4 12 th CACR Workshop | © 2003 IBM Corporation 4 IBM Enterprise Wide Policies n Simple, but company wide, mandatory throughout enterprise n Policies  Governs collection from all sources  defines use of data  implemented through a series of corporate instructions that established: principles behind IBM data practices Internet privacy standards requirements for handling (collection, use, disclosure, storage, security, access, transfer or other processing) of:  all employee information  information from customers, prospects, suppliers and other business contacts specific privacy rules for Web applications

5 12 th CACR Workshop | © 2003 IBM Corporation 5 IBM Enterprise Privacy Management System Existing Private Sector Privacy Laws Emerging Private Sector Privacy Laws Chief Privacy Officers Development & Research Centres Key Business Functions CIO Office

6 12 th CACR Workshop | © 2003 IBM Corporation 6 IBM CIO Governance Model Employees Personal Computing Servers Storage Technology Software Global Services Global Financing Market Planning Customers/Suppliers Enterprise Model IPD ISC Procure CRMFulfill Strategy, Architecture, Standards and Deployment Management IBM Global Services Network Client Server End User Assist Privacy/Security P3P Scan Mail Web Crawler E-mail Cleansing Encryption IT Service Provider Canadian Privacy Assessment on demand Implementation Access Control Retention Disclosure Consent …

7 12 th CACR Workshop | © 2003 IBM Corporation 7 Privacy on-demand Assessment Tool  Provides on demand impact assessment analysis and reports using a holistic approach that leverages our best practices and business insights  Provides on demand Assessment, Feedback and Suggested Actions to process owners  Delivers Consistent Repeatable Results

8 12 th CACR Workshop | © 2003 IBM Corporation 8 Privacy on demand Assessments - Reporting

9 12 th CACR Workshop | © 2003 IBM Corporation 9 The tool first poses general questions about the process being assessed The sensitivity of the personal information the process handles drives the required compliance level

10 12 th CACR Workshop | © 2003 IBM Corporation 10 The core of the assessment is a 43-question Questionnaire The Questionnaire is divided into “Compliance Areas” reflecting different privacy requirements Answers generate a compliance gap based on the information sensitivity The answer closest to the real situation is picked

11 12 th CACR Workshop | © 2003 IBM Corporation 11 Summary reports can be generated which roll results up to a Business Unit or Company level

12 12 th CACR Workshop | © 2003 IBM Corporation 12  Privacy Communication Initiatives Objectives  Engage employees in embracing IBM Canada’s philosophy on privacy  Provide employees with a clear understanding of our obligations and our commitment to comply with the federal legislation as well as IBM’s policies / instructions Strategy  Deliver the right messages to the right audiences at the right time Executive Team Quarterly updates Business Process Owners and Privacy Focal Points Process assessment Training sessions Targeted Employee Audiences Procurement CSO ibm.com SDC HR Client reps General IBM Population Awareness Campaign Posters IBM Canada homepage - web articles/contest - presentation on the web Targeted Employee Audiences Profile Holding Managers ongoing April – September ( 15 sessions 5785 employees) October - November

13 12 th CACR Workshop | © 2003 IBM Corporation 13 Road Map 2002 2003 2004 Controls Communication Corporate Polices/Guidelines Compliance Business Units Managers Employees Customers Policy Statement Privacy Tools Architecture/Standards Guidelines Provincial Legislation "Substantially Similar" Quebec British Columbia Alberta Ontario PIPEDA Self-Assessments Score-card Privacy Health-Checks Access Process Business Partners

14 12 th CACR Workshop | © 2003 IBM Corporation 14 In Summary …  Privacy is Good Business Creates trust Builds values  Implemented through tools and technology to automate privacy compliance  Managed through a worldwide governance model for privacy adherence  Tracked through processes and roadmap for privacy improvements


Download ppt "© 2003 IBM Corporation Privacy 12 th CACR Workshop Yim Y. Chan Chief Privacy Officer & CIO IBM Canada Ltd. w3.ibm.com/Privacy."

Similar presentations


Ads by Google