PRIVACY TRENDS: COMPLYING WITH NEW DEMANDS

1
PRIVACY TRENDS COMPLYINGWITH NEW
DEMANDS Privacy and Existing Technologies Micha
el Krushnisky Vice President, Sales, Marketing
and Business Development Tuesday, October 22,
2002
2

• Privacy and Technology
• Is your Organization Privacy Compliant today?
• Will it be Compliant by Jan. 1, 2004?
• Trust of Clients and Employees?
• Ensure Private Information becomes a useful
  tool,
• not a potential weapon
• PIPEDA

3

• Right of Privacy
• Privacy is the ability for a person to control
  the
• information relating to them
• Security, Privacy and Confidentiality
• Protection of Privacy is Paramount
• Privacy protection is a journey rather than a
• destination

4

• 10 Privacy Principles
• Adherence to 10 Privacy Principles necessary
• to be Privacy Compliant
• Major Challenge
• Existing Technology to help with worldwide
• privacy laws and regulations
• Ability to support your own Organizations
• Privacy Policies

5

• Key risks to Non-Compliance
• Loss of Reputation and Credibility
• Possibility of Litigation
• Power of Adverse Publicity
• Whistle-blowing
• Potential Loss of Customer Base
• Impact will be your Bottom Line

6

• Further Consequences
• Anyone can file a Complaint to the
• Privacy Commissioner to be Investigated by the
• Commissioners Office
• Court Hearing initiated by Complainant or
• Commissioner acting on Complainants behalf
• Correction Order and requirement to Publish
• remedial action taken
• Damages, including damages for humiliation
• Fines 100,000 may be imposed

7

• Increasing Public Awareness keeps Privacy
• Compliance a topic of Controversy
• Privacy Deficient Stories
• Insurance Company left confidential data
• records of 15 customers in a parking lot
• Telecommunications company donated
• computer printouts to local day-care centres as
• drawing paper
• Local resident received confidential medical
• records from Ontario psychiatric Institutions
  for
• a nine month period.

8

• Alarming Statistics
• Only 22 of Canadians are comfortable
• giving their credit card number on-line. EKOS
  Research
• 46 of consumers are extremely or very
• concerned about the privacy of their personal
• information. Only 40 believe that companies
• will honour their posted Privacy Policies,
  Gallup Poll
• 56 of respondents surveyed said that they are
• worried about a loss of personal privacy,
  Harris Poll
• Increasingly, growing statistics clearly
  indicate
• that Customer Trust is being jeopardized

9

• Where Policy Meets Practice
• End to End Privacy Compliance Solution
• Appoint a Privacy Officer
• Implement Policies and Practices
• Conduct a Privacy Impact Assessment
• Create Procedure to protect Personal
• Information Records.
• Establish a complaint and inquiry resolution
• process

10

• Train and Educate staff about Organizational
• policies and practices
• Develop information to explain the
• Organizations policies and practices
• Technology will help with every
• step towards Privacy Compliance.

11

• Information is Organic
• Scope of Personal Information being held?
• Manage Risk
• Inventory Personal Information Repositories
• Technology that will effectively catalogue a
  host
• of attributes associated with each PIR
• Attributes of product will highlight any
  deficiency
• relative to legislative compliance
• Priorities can be assigned to each PIR so that
• remedial measures can be taken

12

• Privacy Officer can manage all projects on a
• case by case basis ensuring long term
• Privacy Compliance.
• Accuracy of Personal Information is achieved
• using tracking software which logs the status
• and accuracy of each PIR enabling remedial
• action if required but ensuring easy
  management.
• Technology maintaining an inventory of all
• information assets affected by privacy
  regulations

13

• Streamlined Privacy Impact Assessment and
• Privacy Compliance efforts
• Innumerable Reporting Capabilities
• Inventory and profile of all of your Personal
• Information Repositories including your
• Privacy contacts
• Auditable trail of all actions taken
• Accountability

14

• Consent Technology
• The knowledge and consent of the individual is
• required for the collection, use and
  disclosure
• of personal information.
• Consent database can be created regardless of
• the number of Personal Information
  Repositories
• to be managed with in-house suppression file.
• Privacy Preference List ensuring Privacy is
• respected throughout the Organization
• Do not contact and various consent levels with
• todays Technology.

15

• Identifying Purpose
• Compliant consent capture and Management
• software system
• Scaleable and secure consent solution
• Suppression Engine manages customer
• Privacy preferences
• Consent Solution is a business imperative

16

• Privacy Management
• Operationalize your Privacy Policies
• Automated Case Managers workflow
• responding to inquiries, complaints and access
• requests
• Superior Multi level reporting capabilities
• Guaranteeing Legislative Compliance and
• eliminating risk
• Build back the Trust!

17

• Increase Privacy Compliance Awareness
• Establish those Privacy Policies
• Appoint that Privacy Officer
• Bring Privacy up the priority list ladder
• 2004 is getting closer

18

• Privacy Compliance achieved Manually
• Yes, first however, determine the risks and the
• resources required to certify your
  Organization
• Privacy Compliant
• What is the ultimate risk and cost, without the
• advantages of Technology?

19

• For Further Information, Contact
• Michael Krushnisky
• mkrushnisky_at_privasoft.net
• (866) 764-1696, Ext. 227

The CMA and PRIVASOFT have just teamed up to
provide a powerful software solution to help
companies comply with privacy regulations. We are
pleased to offer four new privacy compliance
related products geared specifically for CMA
members.